This is a quickstart guide to configure SAML 2.0-based Single Sign-on with a Softadmin® system as Service Provider and Okta as Identity Provider.
All stakeholders should agree on which user information the Identity Provider will share with the Softadmin® system and how end user permissions in the Softadmin® system will be administered.
Firewalls must allow the Softadmin® system to make HTTPS requests to the Okta system.
During configuration the administrators will need to share some system-specific configuration values with each other.
The Softadmin® administrator will share:
The Okta administrator will share:
Choose a Service Provider Identity for the Softadmin® system. Use the system's own URL (for example https://softadmin.example.com) unless you have good reasons not to. Set the system setting SingleSignOnSamlIdentity to this identity.
Set SingleSignOnLoginProcedure to the name of the stored procedure that will extract user attributes from the SAML Assertion.
Set SingleSignOnSamlAllowUnsolicitedResponses to Yes so that end users can open the Softadmin® system from their Okta dashboard.
The Service Provider Postback URL is the location of the system's LoginPostback.aspx-page, for example
Share the Service Provider Postback URL and the Service Provider Identity with the Okta administrator.
See the Okta documentation if you need further details on adding a new integration.
In Applications, click Add Application and then Create New App.
Choose Platform Web and Method SAML 2.0. Click Create.
In General Settings, enter an appropriate App name. Click Next.
In Configure SAML, enter the Service Provider Postback URL you received into the Single sign on URL field, and enter the Service Provider Identity into the Audience URI (SP Entity ID) field.
Under Attribute Statements and Group Attribute Statements, enter all previously agreed upon attributes to share with the Softadmin® system.
Click Preview the SAML Assertion to generate the Sample Assertion and save it.
Click Next and then Finish.
Scroll down to the SAML 2.0 section and click the Identity Provider metadata link to get the Identity Provider Metadata URL.
Share the Identity Provider Metadata URL and the Sample Assertion with the Softadmin® administrator.
Switch to the Assignment tab and assign users or groups to the application.
Verify that the Sample Assertion can be parsed by SingleSignOnLoginProcedure.
Enter the Identity Provider Metadata URL into the SingleSignOnSamlMetadataUrl system setting.
Change the SingleSignOn system setting to SAML 2.0.
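Before the Sample Assertion is handed to SingleSignOnLoginProcedure, it can be checked against the values the two administrators exchanged. The following Python script is an added example, not part of Softadmin® or Okta; the sample XML, the postback URL https://softadmin.example.com/LoginPostback.aspx, the attribute names and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample, shaped like the output of "Preview the SAML Assertion".
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="id1" Version="2.0">
  <saml2:Issuer>http://www.okta.com/exk-placeholder</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID>alice@example.com</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData Recipient="https://softadmin.example.com/LoginPostback.aspx"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions>
    <saml2:AudienceRestriction><saml2:Audience>https://softadmin.example.com</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email"><saml2:AttributeValue>alice@example.com</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="groups"><saml2:AttributeValue>Sales</saml2:AttributeValue><saml2:AttributeValue>Admins</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def check_sample_assertion(xml_text, sp_identity, postback_url, agreed_attributes):
    """Return (problems, attributes) for a sample assertion from a trusted source."""
    # Configuration check only: no signature or validity-window verification.
    root = ET.fromstring(xml_text)
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element found"], {}
    problems = []
    # Exact string match: a trailing slash or http/https difference is a mismatch.
    audiences = [(a.text or "").strip() for a in assertion.findall(".//saml:Audience", NS)]
    if sp_identity not in audiences:
        problems.append(f"Audience {audiences} does not contain {sp_identity!r}")
    recipients = [d.get("Recipient") for d in assertion.findall(".//saml:SubjectConfirmationData", NS)]
    if postback_url not in recipients:
        problems.append(f"Recipient {recipients} does not contain {postback_url!r}")
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attributes[attr.get("Name")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    problems.extend(f"agreed attribute {n!r} is missing" for n in agreed_attributes if n not in attributes)
    return problems, attributes

if __name__ == "__main__":
    issues, attrs = check_sample_assertion(
        SAMPLE_ASSERTION, "https://softadmin.example.com",
        "https://softadmin.example.com/LoginPostback.aspx", ["email", "groups"])
    print(issues or "sample assertion matches the agreed configuration", attrs)
```

An empty problem list means the Audience, Recipient and attribute names in the sample line up with the Service Provider Identity, the Service Provider Postback URL and the agreed attribute list.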