Configure Signals SAML Authentication with Okta following the steps below:
Before starting, it's highly recommended to contact us to create a secondary URL for your tenant. This lets you still log in to your tenant if authentication on the main URL is broken.
Create a New Application in Okta
If you already have Okta authentication set up for one of the tenant's domains, do not reuse that existing application. If you edit the existing application configuration, you will most likely lock yourself out of your tenant in the process.
Choose SAML 2.0
Choose an Application name to show users in their Dashboard.
On SAML Settings enter the following information:
- On Single Sign-On URL enter the Signals Notebook Assert URL; this URL ends in "saml-consume"
- On Audience URI (SP Entity ID) enter the same value you chose for Signals Notebook's Application ID
  - This value can be anything you choose; it just needs to match in both Signals Application ID and Okta's Audience URI.
  - You can use your tenant's URL, but we don't recommend it as it usually creates confusion
- On Name ID format choose EmailAddress
- On Application username choose email
Finish the application creation. Once complete, navigate to the application and click on the Sign-On tab, then click More details.
From here you need to copy the Sign-On URL, Signing Certificate and optionally the Sign-Out URL.
Click on the Copy button for the Signing Certificate as that will copy the certificate string in the accepted format for Signals Notebook.
If you choose to download the certificate, you will need to edit the certificate text to be a single line, no spaces and no BEGIN or END tags.
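The single-line form described above can be produced and checked with a short script rather than by hand-editing. This is an added example, not part of the original article or any vendor tooling: the function names are assumptions, the sample is constructed (not a real certificate), and the extra checks (refusing a private key, requiring exactly one complete certificate) go beyond what the article asks for.

```python
import base64
import re
import textwrap

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def der_outer_length(der: bytes) -> int:
    """Total size of the outer DER SEQUENCE (tag + length bytes + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    if der[1] < 0x80:                      # short-form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def pem_to_single_line(pem_text: str) -> str:
    """Return the certificate body as one line: no tags, spaces or newlines."""
    blocks = PEM_BLOCK.findall(pem_text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not paste it anywhere")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    if len(certs) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(certs)}")
    one_line = "".join(certs[0].split())   # drops CR, LF, tabs and spaces
    der = base64.b64decode(one_line, validate=True)  # rejects stray characters
    if der_outer_length(der) != len(der):
        raise ValueError("certificate is truncated or has trailing data")
    return one_line


def constructed_sample_pem() -> str:
    """Constructed stand-in, not a real certificate: a DER SEQUENCE of 256 bytes."""
    fake_der = b"\x30\x82\x01\x00" + bytes(range(256))
    b64 = base64.b64encode(fake_der).decode("ascii")
    lines = ["-----BEGIN CERTIFICATE-----", *textwrap.wrap(b64, 64),
             "-----END CERTIFICATE-----"]
    return "\r\n".join(lines) + "\r\n"     # CRLF endings to exercise whitespace removal


if __name__ == "__main__":
    print(pem_to_single_line(constructed_sample_pem()))
```

To use it on a downloaded file, pass the file's text to `pem_to_single_line` and paste the returned string into the certificate field.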
In the Signals Notebook configuration, paste the values you copied above into the corresponding configuration fields.
Remember, the Application ID needs to match what you entered in Okta's Audience URI (SP Entity ID)
Once all the information has been entered, you can use the Test Authentication button.
Remember to only save the new configuration if the Test is successful or if you have a secondary URL to log in to your tenant.