Configure SSO with Okta

Required Permissions

• You must have the Users Manager permission for the DoiT Console.

• You must have the Super Admin or App Admin permission for the Okta org.

SAML setup

Create a SAML app integration

To create a SAML app integration in the Okta Admin Console:

1. Log in to Okta as an admin user, select Applications in the Applications section.

2. Select Create App Integration, choose SAML 2.0 as the Sign-in method.

3. In General Settings, enter a name for the app, and then select Next.

   We recommend selecting the checkbox Do not display application icon to users. End users who sign in to the DoiT Console via the Okta app catalog will use the Okta Bookmark App integration.

4. Get information for your IdP and configure the general SAML settings for the application.

   • Single sign-on URL: The Single Sign On URL provided in the DoiT Console. For example, https://console.doit.com/__/auth/handler.

   • Audience URI (SP Entity ID): The Audience URI (SP Entity ID) provided in the DoiT Console.

   1. In the Feedback dialog, select Finish to create the application.

See also

Create SAML app integrations

Assign application to users

To allow individual users to access the application on their Okta My Apps page:

1. Navigate to the Assignments tab of the newly created application.

2. Select Assign to People and assign users to the application.

Configure SAML in the DoiT Console

1. In the Okta Admin Console, navigate to the Sign On tab of the newly created application.

2. Select View SAML setup instructions to open the webpage that contains information required by the DoiT application.

3. Log in to the DoiT Console, select the gear icon () from the top navigation bar, and then select Identity & access.

4. Select Single sign-on from the left-hand menu, and then select Configure (or Edit configuration) in SAML.

5. Copy the relevant information to the DoiT Console.

   • Entity ID: The Identity Provider Issuer provided in the Okta View SAML setup instructions.

   • SSO URL: The Identity Provider Single Sign-On URL provided in the Okta View SAML setup instructions.

   • Certificate: The x.509 Certificate provided in the Okta View SAML setup instructions.

6. Save the configurations. SAML will be automatically enabled when you press Confirm.

Create a Bookmark App integration

To allow users sign in to the DoiT Console via the Okta app catalog, you need to Simulate an IdP-initiated flow using the Bookmark App to display the DoiT application to end users.

1. Log in to Okta as an admin user, select Applications in the Applications section.

2. Select Browse App Catalog.

3. Search Bookmark App and select the Bookmark App integration.

4. Select Add Integration to create a Bookmark App instance.

5. In the General Settings for the Bookmark App, find the field URL and enter the Bookmark App URL provided in the DoiT Console. For example, https://console.doit.com/sign-in?idp_tenant_id={tenantID}.

   

6. Select Done to create the Bookmark App.

7. Assign application to users.

Verify the SSO configuration

You can verify both service provider-initiated (SP-initiated) SSO flow and identity provider-initiated (IdP-initiate) SSO flow.

To verify the SP-initiated SSO flow:

1. Navigate to the DoiT Console sign-in page, select Sign in with SSO.

2. Enter your email address. You'll be redirected to the Okta website.

3. Sign in to the Okta SAML app with your credentials as an end user.

4. If successful, you'll land on the DoiT Console Dashboards page.

To verify the IdP-initiate SSO flow:

1. Log in to Okta as an end user.

2. Go to My Apps, and select the Bookmark App.

3. If successful, you'll land on the DoiT Console Dashboards page.

OIDC setup

To configure SSO with Okta using OIDC:

1. Get information for your IdP from the DoiT Console.

   

2. Follow the Okta documentation to Create an OIDC app integration.

3. Configure SSO in the DoiT Console.