Okta Guide

SAML SSO

Security Assertion Markup Language (SAML) is a standard for logging users into applications based on their sessions in another context. This single sign-on (SSO) login standard has significant advantages over logging in using a username/password:

  1. No need to type in credentials
  2. No need to remember and renew passwords
  3. No weak passwords

Integration using Okta

  1. Log in to your Back-Office account.
  2. Click on Settings
  3. Click on Security
  4. Click on SAML Authentication
  5. Scroll down to find three pre-filled values that you will provide to your identity provider.
  6. Now log in to your Okta admin account.
  7. Click on Administration
  8. Click on Applications
  9. Click on Create App Integration
  10. Select SAML 2.0 and click on Next
  11. Provide the name and logo of the application and proceed by clicking on the “Next” button
  12. Uncheck the “Use this for Recipient URL and Destination URL” checkbox under the Single sign-on URL field
  13. Copy the Assertion Consumer Service URL from the Shufti Pro Back Office settings and paste it into the Single sign-on URL field (Check Steps 1-5)
  14. Copy the Sign on URL from the Shufti Pro Back Office settings and paste it into the Recipient URL and Destination URL fields (Check Steps 1-5)
  15. Copy the Identifier (Entity ID) from the Shufti Pro Back Office settings and paste it into the Audience URI (SP Entity ID) field (Check Steps 1-5)
  16. Change Name ID format to EmailAddress and Application username to Email from the dropdowns
  17. Proceed by clicking the “Next” button, ensuring that all other settings remain unchanged.
  18. Select the option “I’m an Okta customer adding an internal app” and click on Finish
  19. Select the “Sign on” tab.
  20. Scroll down and click on View SAML setup instructions
  21. Copy the Identity Provider Single Sign-On URL from Okta and paste it into the Shufti Pro Back Office SSO URL field (Check Steps 1-5)
  22. Copy the Identity Provider Issuer from Okta and paste it into the Shufti Pro Back Office Identity Provider URL field (Check Steps 1-5)
  23. Copy the X.509 Certificate (without the BEGIN CERTIFICATE and END CERTIFICATE lines) from Okta and paste it into the Shufti Pro Back Office Public Certificate field (Check Steps 1-5)
  24. Now enable SSO from the Shufti Pro Back Office by clicking on the toggle button in the SAML Authentication section (Check Steps 1-5)
  25. Now click on the submit button
  26. To allow users to log in using credentials even when SSO is enabled, uncheck the “Do you want to restrict secondary users from login with their credentials if SSO in enabled?” option and click on the submit button
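
To confirm that the values from steps 13 to 16 and 22 took effect, the base64 SAMLResponse form field posted by the browser on a test login can be decoded and compared against them. The Python sketch below is an added example, not Shufti Pro or Okta code; the URLs, issuer and sample response are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed placeholders standing in for the values copied in the steps above.
EXPECTED = {
    "destination": "https://sp.example.com/sso/login",  # Sign on URL (step 14)
    "recipient": "https://sp.example.com/sso/login",    # Sign on URL (step 14)
    "audience": "https://sp.example.com/metadata",      # Identifier (Entity ID) (step 15)
    "nameid_format": EMAIL_FORMAT,                      # EmailAddress (step 16)
    "issuer": "https://idp.example.com/issuer",         # Identity Provider Issuer (step 22)
}

# Constructed sample response in which step 16 was skipped (NameID format left unspecified).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.com/sso/login">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="https://sp.example.com/sso/login"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://sp.example.com/metadata</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

def check_saml_response(b64_response, expected):
    # Diagnostic only: the XML signature is NOT verified, so never use this to trust an assertion.
    root = ET.fromstring(base64.b64decode(b64_response))
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    def attr(path, name):
        node = root.find(path, NS)
        return node.get(name) if node is not None else None
    found = {
        "destination": root.get("Destination"),
        "recipient": attr(".//a:SubjectConfirmationData", "Recipient"),
        "audience": text(".//a:Audience"),
        "nameid_format": attr(".//a:NameID", "Format"),
        "issuer": text(".//a:Assertion/a:Issuer"),
    }
    return [f"{k}: expected {v!r}, found {found.get(k)!r}"
            for k, v in expected.items() if found.get(k) != v]
```

An empty list means every checked field matches; for the sample above the function reports the NameID format mismatch.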

IdP-initiated authentication flow

  1. The user logs in to their Okta account
  2. From My Apps, click on the Shufti Pro app

SP-initiated authentication flow

  1. Open the Back Office and click on “Log in with single sign-on (SSO) instead”
  2. Enter your email
  3. If SSO is enabled for you, it will take you to your IdP.
  4. If you are already logged in there, it will automatically redirect you to Shufti Pro; otherwise it will ask you to enter your credentials and then redirect you to Shufti Pro.

Add User in Okta

  1. Click on People from the Okta admin dashboard
  2. Click on Add Person
  3. Fill in the user details and click on Save
    Note: Email is required
  4. Refresh the page and the user will be added

Assign Application to User

  1. Click on Applications from the Okta admin dashboard
  2. Select the application to which you want to add the user
  3. Click on the Assignments tab
  4. Click on Assign to People
  5. Click on Assign
  6. Verify the user's email and click on Save and Go Back