This is the procedure to configure Controls products with OKTA & Auth0/SAML
· Define the connection name that Auth0/Okta will use e.g. sampleOktaAuth The name should clear enough, to determine what it is used for.
· Create any test users in the Controls Environment, before setting up SSO. Use any user in the local.sandbox AD Domain.
Create Okta Connection First
Log into Okta environment
Click “Admin’ button on the top left
Switch to “Developer Classic UI” on top left of web page
Click “Applications” on the Okta bar
Click “Create New Application”
Select “Web” Platform and SAML 2.0
Enter the App Name (Use the Connection Name)
Enter the Single Sign-on URL (The text string up to the “=” sing will be the same always) e.g.(https://sample.auth0.com/login/callback?connection=sampleOktaAuth)
Enter the Audience URI (SP Entity ID) – (The text string up to the “:” sing will be the same always) (urn:auth0:sample:sampleOktaAuth)
Leave “Recipient”, “Destination” and “Relay State” blank
Name ID Format – Leave as Unspecified
Change the Application username to be “email”
Leave “Update application username on” as Create and update
Add three (3) additional “ATTRIBUTE STATEMENTS”
Select “I’m an Okta Customer adding an internal app”
Click “Finish” at the bottom
Click on View Setup Instructions and leave this page for later
Click on “Assignments”
Click on “Assign” -> “Assign People”
Search for the user you want to login (Okta) and this user will need an account on controls environment, prior to setting it up as SSO-AUTH0.
Click the “Assign” button on the left of the User Name.
Click on “Save and Go Back”
Search for any other users or click “Done”
Auth0 Application Creation
Login into Auth0
Click on “Connections”
Click on “Create Connection”
Enter the Connection Name you decided on in the Prerequisites step.
Enter a Display Name, it can be the same as the Connection Name
Paste the “Sign In URL” from step 2 of setting up Okta Connection (Setup Instructions)
Download the Okta certificate from step 2 and click “Choose File” to select this cert.
Paste the “Sign In URL” also for the “Log Out URL”
Leave User ID Attribute blank
Turn on “Debug Mode”
Turn off “Sign Request”
Select “RSA-SHA256” for Sign Request
Select “SHA256” for Sign Request Algorithm Digest
Select “HTTP-POST” for Protocol Binding
Open the connection you created
Select “Mappings” Tab and paste these values
Select “IdP-iniitated SSO” Tab
Select the “Application you created in Auth0”
Select “OpenID Connect”
Enter this for the Query String (Use the IP of the App Server and the port number it’s running on)
Select the “Applications” Tab
Turn on the application you created above for Auth0 and turn off any other that are turned on “green slide tab”
You have completed setting up a Okta/Auth0 IdP SSO Connection for your environment. You will need to still turn on SSO setting in the Controls “appserver.advanced.properties” file.