Okta configuration as IdP for SAML

Okta is an Identity Provider (IdP) used by many Service providers. The setup and configuration are pretty much straight forward and easy. Accounts should be created first with Okta.
Back at Document360 projects, only the account owner or an administrator could get the Enterprise SSO setup configured.

Okta Signup

1. Sign up onto the Okta at https://developer.okta.com/signup/ the Okta developer console
2. Post sign-up you would receive a mail with your login credentials and account activation link on the Email provided during sign-up
3. Click on the activation link and you would be redirected to your Okta Domain login page
4. Login with your credentials
5. On successful login, the Dashboard would be displayed on the Okta developer console domain.

Adding an application

To configure an application to Okta, the user must create a new application.

1. The default dashboard would be as a Developer console. It has to be changed to Classic UI
2. On the top left corner of the page, you’d find a dropdown to toggle between the dashboards
3. To create a new application, go to Applications menu and click on Applications in the drop-down.
4. Now click on the Add application button on the window
5. On the Add Application page click on the Create New App button
6. In the overlay Create a New Application Integration window select the platform as Web from the dropdown
7. Now in the Sign on method select SAML 2.0 and click on the Create button

Creating a SAML integration

Now in Okta the users would land on the Create SAML Integration page

1. On the General Settings page, enter the name of your new application in the App name field
2. Browse and upload a Logo for you application in the Add Logo field if required, as it’s not mandatory
3. In the App visibility you can choose either or both the options depending on your requirement.
4. Click on the Next button

5. In the SAML Settings page the user has to fill in the parameters provider by Document360
6. Head back to the Document360 Enterprise SSO page and SAML tab in it

7. The Callback path provided should be entered in the Single sign on URL field on the Okta SAML settings page
8. Similarly the Service Provider Entity Id should be entered in the Audience URI (SP Entity ID) field on the Okta SAML settings page

9. Next field Default RelayState identifies a specific application resource in an IDP initiated SSO. This field can be left blank

10. For the Name ID Format field select EmailAddress from the drop-down

11. The Application username by default would be as Okta username. Change it to Email from the drop-down

12. The Attribute Statements field is when you create a new SAML integration, or modify an existing integration, you can define custom attribute statements

13. These statements are inserted into the SAML assertions shared with your app.

14. The Group Attribute Statements field is in case you use groups to categorize users, you can add group attribute statements to the SAML assertion shared with your app. However this optional.

15. Now click on the Next button at the end of the page

16. In the Are you a customer or partner? Select the relevant option. (If you're unsure about this you can select the "I'm an Okta customer adding an internal app" and you can skip filling out the fields)

17. Click on Finish

You’ve created an application on the Okta platform which can be configured with the Service provider