We recommend switching to the latest versions of Edge, Firefox, Chrome or Safari. Using Internet Explorer will result in a loss of website functionality.

Articles in this section

See more

Configure Control Products with OKTA & AUTHO/SAML

Avatar
Saboor Zafar
  • Updated
Follow

This is the procedure to configure Controls products with OKTA & Auth0/SAML

Prerequisites:

 ·  Define the connection name that Auth0/Okta will use e.g. sampleOktaAuth The name should clear enough, to determine what it is used for.

·    Create any test users in the Controls Environment, before setting up SSO. Use any user in the local.sandbox AD Domain. 

Create Okta Connection First

Log into Okta environment 

  • Click “Admin’ button on the top left

  • Switch to “Developer Classic UI” on top left of web page

  • Click “Applications” on the Okta bar

  • Click “Create New Application”

  • Select “Web” Platform and SAML 2.0

  • Enter the App Name (Use the Connection Name)

  • Click Done

  • Enter the Single Sign-on URL (The text string up to the “=” sing will be the same always) e.g.(https://sample.auth0.com/login/callback?connection=sampleOktaAuth)

  • Enter the Audience URI (SP Entity ID) – (The text string up to the “:” sing will be the same always) (urn:auth0:sample:sampleOktaAuth)

  • Leave “Recipient”, “Destination” and “Relay State” blank

  • Name ID Format – Leave as Unspecified

  • Change the Application username to be “email”

  • Leave “Update application username on” as Create and update

  • Add three (3) additional “ATTRIBUTE STATEMENTS”

    • Name                                                    Value

    • Email                                                     user:email

    • Firstname                                            user:firstName

    • Lastname                                            user:lastName

  • Click “Next”

  • Select “I’m an Okta Customer adding an internal app”

  • Click “Finish” at the bottom

Click on View Setup Instructions and leave this page for later

Click on “Assignments”

Click on “Assign” -> “Assign People”

Search for the user you want to login (Okta) and this user will need an account on controls environment, prior to setting it up as SSO-AUTH0.

Click the “Assign” button on the left of the User Name.

Click on “Save and Go Back”

Search for any other users or click “Done”

Auth0 Application Creation

Login into Auth0

Click on “Connections”

Select “SAML”

Click on “Create Connection”

Enter the Connection Name you decided on in the Prerequisites step.

Enter a Display Name, it can be the same as the Connection Name

Paste the “Sign In URL” from step 2 of setting up Okta Connection (Setup Instructions)

Download the Okta certificate from step 2 and click “Choose File” to select this cert.

Paste the “Sign In URL” also for the “Log Out URL”

Leave User ID Attribute blank

Turn on “Debug Mode”

Turn off “Sign Request”

Select “RSA-SHA256” for Sign Request

Select “SHA256” for Sign Request Algorithm Digest

Select “HTTP-POST” for Protocol Binding

Click “Create”

Open the connection you created

  • Select “Mappings” Tab and paste these values

{

“email”: “email”,

“firstname”: “firstname”,

“,lastname”: “lastname”

}

Click “Save”

  • Select “IdP-iniitated SSO” Tab

Select the “Application you created in Auth0”

Select “OpenID Connect”

Enter this for the Query String (Use the IP of the App Server and the port number it’s running on)

redirect_uri=http://xxx.xxx.xxx.xxx:xxxx/infogixer&scope=openid email&response_type=code

Click “Save”

  • Select the “Applications” Tab

Turn on the application you created above for Auth0 and turn off any other that are turned on “green slide tab”

You have completed setting up a Okta/Auth0 IdP SSO Connection for your environment. You will need to still turn on SSO setting in the Controls “appserver.advanced.properties” file.

Related articles

Comments

0 comments

Please sign in to leave a comment.