Skip to main content

Configure SSO with Okta

Choose your learning path

Follow the step-by-step instructions below or check out the ▶️ interactive demo for a visual walkthrough.

Required Permissions

  • You must have the Users Manager permission for the DoiT console.

  • You must have the Super Admin or App Admin permission for the Okta org.

SAML setup

The following section describes how to use SAML to configure SSO with Okta.

Step 1: Enable SSO in the DoiT console

Enable SSO in the DoiT console:

  1. In the DoiT console, select the gear icon () from the top navigation bar, and then select Users and access.

  2. Select Single sign-on from the left-hand menu.

  3. Use the Enable SSO toggle button to enable SSO.

  4. Select SAML sand then select Configure.

  5. In Add the following information to your provider, select Okta from the Provider list.

  6. The information required by Okta is displayed. Make a note of the information as you will need to add this to the application you create in Okta. This is the information that tells Okta where to send users and who its talking to.

    • Single Sign On URL: The address or endpoint of the DoiT console.

    • Audience URI (SP Entity ID): The unique ID of the DoiT console.

    • Bookmark App URL: This link allows users to bypass the standard login screen and authenticate directly through your organization's Okta application.

Step 2: Create a SAML app integration

To create a SAML app integration in the Okta Admin Console:

  1. Sign in to the Okta Admin console.

  2. Expand Applications and select Applications.

  3. Select Create App Integration, choose SAML 2.0 as the Sign-in method and select Next.

  4. In General Settings, select App name and enter a name for the app, and then select Next.

    We recommend selecting the checkbox Do not display application icon to users. End users who sign in to the DoiT console via the Okta app catalog will use the Okta Bookmark App integration.

  5. Paste the information that you copied from step 1 as follows and configure the general SAML settings for the application.

    • Single sign-on URL: The Single Sign On URL provided in the DoiT console. For example, https://console.doit.com/__/auth/handler.

    • Audience URI (SP Entity ID): The Audience URI (SP Entity ID) provided in the DoiT console.

    • Name ID format: The Name ID format defines the format of the username that is sent to the DoiT console to identify the user signing in. The Name ID format must be EmailAddress.

    • Application username: The Application username is the user attribute that is sent to the DoiT console to identify the user signing in. The Application username must be Email.

    1. In the Feedback dialog, select Finish to create the application.

  6. Navigate to the Sign On tab of the newly created application.

  7. In Settings, select Edit. Expand More details. Copy the following information. You will need this information when you configure SSO in the DoiT console. This is the identity information provided by Okta.

    • Issuer: The unique ID of the Okta application.

    • Sign on URL: The URL that redirects the user to your organization's Okta login page.

    • Signing Certificate: Select Download to download a copy of the certificate.

See also

Create SAML app integrations

Step 3: Assign application to users

To access the application, you must assign groups or individual users to the application. We recommend adding users to your groups before assigning them to the application. However, you can manage group membership while assigning users.

  1. Sign in to the Okta Admin console.

  2. Expand Directory. Select People or Groups to manage the users and groups you wish to assign to the application.

  3. Expand Applications and select Applications.

  4. Select your custom application and then select Assignments.

  5. Select Assign and then choose Assign to Groups.

  6. From the Assign DoiT to Groups pane, assign groups to the application.

  7. If necessary, select Assign to People and assign users to the application.

  8. (Applies to groups only) Configure Okta to include group claims in the SAML assertion during login.

  9. Select Sign On.

  10. Navigate to Attribute statements and select Add expression.

  11. In Name, enter a name for the attribute statement.

  12. In Expression, enter your expression. For example user.getGroups("") configures Okta to collect every group assigned to this application.

  13. Select Save.

Step 4: Configure SAML in the DoiT console

  1. Sign in to the DoiT console, select the gear icon () from the top navigation bar, and then select Users and access.

  2. Select Single sign-on from the left-hand menu, and then select Edit configuration in SAML.

  3. Paste the information that you copied in step 2 to the corresponding fields in the DoiT console.

    • Entity ID: The Issuer provided in the Okta Settings instructions.

    • SSO URL: The Single Sign-On URL provided in the Okta Settings instructions.

    • Certificate: The x.509 Certificate provided in the Okta Settings instructions.

  4. Save the configurations. SAML will be automatically enabled when you press Confirm.

  5. (Optional) In Group ID Mapping, assign your SSO Group IDs to specific DoiT roles and organizations in the DoiT console.

    1. In Group ID, enter the group ID of a specific group that you want to map to a DoiT role and organization.

    2. In DoiT Role, select the DoiT role to which you want to map this group.

    3. In Organization, select the organization to which you want to map this group.

    4. Select + Add mapping to map another group.

    5. Repeat these steps for each group you want to map.

    Note

    When a user's group memberships match multiple groups, the mapping rule that appears first in the list is applied. Subsequent mapping rules are ignored.

Step 5: Create a Bookmark App integration

To allow users sign in to the DoiT console via the Okta app catalog, you need to Simulate an IdP-initiated flow using the Bookmark App to display the DoiT application to end users.

  1. Sign in to Okta as an admin user, select Applications in the Applications section.

  2. Select Browse App Catalog.

  3. Search Bookmark App and select the Bookmark App integration.

  4. Select Add Integration to create a Bookmark App instance.

  5. In the General Settings for the Bookmark App, find the field URL and enter the Bookmark App URL provided in the DoiT console. For example, https://console.doit.com/sign-in?idp_tenant_id={tenantID}.

    Okta SAML SSO configurations

  6. Select Done to create the Bookmark App.

  7. Assign application to users.

Step 6: Verify the SSO configuration

You can verify both service provider-initiated (SP-initiated) SSO flow and identity provider-initiated (IdP-initiate) SSO flow.

To verify the SP-initiated SSO flow:

  1. Navigate to the DoiT console sign-in page, select Sign in with SSO.

  2. Enter your email address. You'll be redirected to the Okta website.

  3. Sign in to the Okta SAML app with your credentials as an end user.

  4. If successful, you'll land on the DoiT console Dashboards page.

To verify the IdP-initiate SSO flow:

  1. Sign in to Okta as an end user.

  2. Go to My Apps, and select the Bookmark App.

  3. If successful, you'll land on the DoiT console Dashboards page.

OIDC setup

To configure SSO with Okta using OIDC:

  1. Enable SSO in the DoiT console.

    Okta OIDC SSO configurations

  2. Follow the Okta documentation to Create an OIDC app integration.

  3. Configure SSO in the DoiT console.

▶️ Interactive demo

Try out our interactive demo for a hands-on walk-through experience.

If the demo doesn't display properly, try expanding your browser window or opening the demo in a new tab.

Last updated on