Okta is a reliable integration for Single Sign-On to all your web and mobile apps. The service offers a full-featured federation engine and flexible access policy. A user can log in with a single ID to gain access to a connected system or systems without being prompted for different usernames or passwords. This is typically accomplished using the Lightweight Directory Access Protocol (LDAP) as well as using SAML-P.
This configuration is divided into two parts:
Configuration in Okta
1. Go to www.okta.com and click on Sign In.
2. At the Sign In page:
i. Enter your email address and password.
ii. Click on Sign In.
3. You will successfully log into your Okta account. At the top menu bar, click on Admin.
4. You will be redirected to the Dashboard. Click on Add Applications under Shortcuts.
5. At Add Application page, click on Create New App.
6. A Create a New Application Integration popup window will appear:
i. Select SAML 2.0 option.
ii. Click on Create.
7. You will be redirected to the Create SAML Integration page. At General Settings tab:
i. Enter an App name.
ii. Click on Upload Logo to upload an image for your app.
iii. Click on Next.
8. You will move on to the next tab which is Configure SAML. At SAML Settings:
i. Enter Single sign on URL. The URL will be: https://channel.domainname.com/Handlers/SigninHandler.ashx?
ii. Enter Audience URL (SP Entity ID).
iii. Select EmailAddress from the dropdown list as the Name ID format.
iv. Click on Show Advanced Settings.
Note: Replace [channel.domainname.com] with your Account/Channel URL.
9. In Advanced Settings:
i. Select Unsigned as Assertion Signature from the dropdown list.
ii. Select RSA-SHA1 as the Signature Algorithm from the dropdown list.
iii. Select SHA1 as the Digest Algorithm from the dropdown list.
Note: Only Assertion Signature, Signature Algorithm, and Digest Algorithm need to be modified. All remaining settings keep the defaults set by Okta and do not require any modification.
10. Scroll down to ATTRIBUTE STATEMENTS (OPTIONAL) section. Here:
i. Enter the Name of ATTRIBUTE STATEMENT and select Basic from the dropdown list.
ii. Define its Value.
Note: You are required to add the following ATTRIBUTE STATEMENTS:
11. Scroll down and click on Next.
12. You will move on to the final step which is Feedback. Here:
i. Select I'm a software vendor. I'd like to integrate my app with Okta option.
ii. Click on Finish.
13. You will be redirected to the Sign On tab of your Application page. Click on View Setup Instructions to proceed.
14. A new page will open which will have all the required information to configure SAML 2.0 for your application. Copy the Identity Provider Single Sign-On URL, Identity Provider Issuer, and X.509 Certificate. These will be used while configuring Okta in VIDIZMO.
15. At the top menu bar, go to Application >> Applications.
16. At Applications page, click on Assign Applications.
17. At Assign Applications page:
i. Select the Application & Label which you want to assign.
ii. Select the People to whom the selected Application & Label will be assigned.
iii. Click on Next to proceed.
18. Now click on Confirm Assignments to confirm your selection.
19. At Applications page, you can see that the assignment has been completed.
Configuration in VIDIZMO
1. At Account/Channel Homepage, go to Admin >> Settings.
2. At Settings page, click on Login tab.
3. Click on Enable under the Corporate Login box.
4. Select Identity Provider (SAMLP) from the dropdown list.
i. Enter Identity Provider Single Sign-On URL as the Login URL which you copied in Step 14 of Configuration in Okta.
ii. Enter Sign-In Caption and Sign-In Caption Tooltip. This is shown on the sign in page of the application.
iii. Click Next (>) icon.
6. Now paste the Request Signing Certificate (X509) which you copied in Step 14 of Configuration in Okta. Click Next (>) icon to proceed.
7. As Okta configuration does not require any SAMLP Request on VIDIZMO's end, make sure that the Enabled SAMLP Request checkbox is deselected. Click on Done to continue.
8. Now click on Enable under Trusted Domains box.
9. At Trusted Domains:
i. Enter *.okta.com as your first Trusted Domain. The second Trusted Domain is the Identity Provider Issuer URL copied in Step 14 of Configuration in Okta.
ii. Click on Done.
10. Click on Update to save changes.
11. A message will appear stating: Channel details have been updated successfully. SSO has been successfully set up using Okta.
1. At the top menu bar, click on Sign In.
2. At Sign In page, click on Okta to log in.
3. You will be redirected to the Account/Channel Homepage.
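To confirm that the settings chosen in Step 9 of Configuration in Okta (Assertion Signature, Signature Algorithm, Digest Algorithm) and the Name ID format from Step 8 are what the identity provider actually sends, the following added example, which is not part of the original guide or of Okta's or VIDIZMO's code, inspects a base64-encoded SAMLResponse value from a test sign-in. The sample response is constructed for illustration and the function names are hypothetical.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample (not captured from a real tenant): signed Response,
# unsigned Assertion, RSA-SHA1 signature, SHA1 digest, as selected in Step 9.
SAMPLE_XML = """<samlp:Response ID="r1"
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#r1">
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Reference></ds:SignedInfo></ds:Signature>
<saml:Assertion ID="a1"><saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
</saml:Subject></saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode())

def signature_info(node):
    """Describe the ds:Signature that is a direct child of node, or None."""
    sig = node.find("ds:Signature", NS) if node is not None else None
    if sig is None:
        return None
    info = sig.find("ds:SignedInfo", NS)
    ref = info.find("ds:Reference", NS)
    return {
        "signature_alg": info.find("ds:SignatureMethod", NS).get("Algorithm").split("#")[-1],
        "digest_alg": ref.find("ds:DigestMethod", NS).get("Algorithm").split("#")[-1],
        # The Reference must point at the element that carries the signature.
        "covers_parent": ref.get("URI") == "#" + node.get("ID", ""),
    }

def inspect_saml_response(b64_response):
    """Structural report only: the signature is NOT verified cryptographically."""
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.find(".//saml:NameID", NS)
    return {
        "response": signature_info(root),
        "assertion": signature_info(root.find("saml:Assertion", NS)),
        "name_id_format": None if name_id is None
        else name_id.get("Format", "").rsplit(":", 1)[-1],
    }

if __name__ == "__main__":
    print(inspect_saml_response(SAMPLE_B64))
```

With the assertion unsigned, a Response-level signature whose Reference covers the Response is the only integrity protection on the assertion, so a report showing `"response": None` means nothing in the message is signed. Run it only against responses from your own test sign-in, since it parses the XML without validating it.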