
About Okta SAML Integration

Single Sign-On with Okta (SAML) lets you set up a SAML-based SSO integration so that users sign in to Iru Endpoint with their Okta credentials.

How It Works

Okta SAML integration lets users authenticate to Iru Endpoint using their existing Okta credentials. Once configured, users can access Iru Endpoint through a single sign-on experience. The integration works by establishing a trusted relationship between Iru Endpoint and Okta, where Okta acts as the identity provider (IdP) and Iru Endpoint acts as the service provider (SP). When users attempt to access Iru Endpoint, they’re redirected to Okta for authentication, and upon successful login, Okta sends a SAML assertion back to Iru Endpoint confirming the user’s identity.

Setting Up the SAML Connection

1. Navigate to the Account Menu Button
   In Iru Endpoint, in the sidebar, click the Account Menu Button.
2. Access Authentication Settings
   Click the Access option in the menu.
3. Add New Connection
   Select the Admin and Authentication tab (selected by default) and scroll down to Authentication methods.
4. Add Authentication Method
   Click + Authentication Method, then enter a display name for the SSO Connection and select SAML.
5. Create Connection
   Click Create.
6. Configuration Information
   Click Configuration information if that section is not already expanded.
7. Copy Required URLs
   Copy the Assertion Consumer Service URL and Entity ID, saving them in a text document for later use.
8. Keep Tab Open
   Leave this browser tab open as you proceed with the instructions below.

Configuring Okta Application

1. Log in to Okta
   In a new browser tab, log in to your Okta tenant.
2. Navigate to Applications
   On the left-hand side, click the reveal triangle next to Applications, then click Applications.
3. Create App Integration
   Click Create App Integration.
4. Select SAML 2.0
   Select SAML 2.0 as the app integration type and click Next.
5. Configure App Details
   Enter an App name, upload an optional App logo, and click Next.
6. Configure SAML Settings
   In the Single sign-on URL field, paste the Iru Endpoint Assertion Consumer Service URL that was copied earlier.
7. Set Entity ID
   In the Audience URI (SP Entity ID) field, paste the Iru Endpoint Entity ID that was copied earlier.
8. Configure Identity Settings
   Ensure that the Name ID format is set to Unspecified, the Application username format is set to Email, and Update application username on is set to Create and update.
9. Continue Configuration
   Select Next.
10. Set App Type
    Select I’m an Okta customer adding an internal app and This is an internal app that we have created.
11. Complete Setup
    Click Finish.
12. View SAML Instructions
    Back at the Sign On tab, find the link to View SAML setup instructions and open it in a new browser tab.
13. Copy Issuer Information
    In Okta Application > Sign-on, copy the Issuer information and save it in a text document. You will paste this into the IdP Entity ID field in Iru Endpoint.
14. Copy Sign-On URL
    Copy the Single Sign-On URL and save it in a text document for later use in Iru Endpoint.
15. Download Certificate
    Download the certificate file and save it for use in Iru Endpoint.

Assigning Users to the Okta App

1. Navigate to Assignments
   Go back to the Okta app and click the Assignments tab.
2. Assign to People
   Click the Assign dropdown menu and click Assign to People.
3. Search for User
   Search for a test user to assign.
4. Complete Assignment
   Once the user is assigned, click Done.
5. Verify Assignment
   You should see the user that you have selected in the list.

Configuring Iru Endpoint SAML Connection

1. Return to Iru Endpoint
   Go back to the Custom SAML integration in Iru Endpoint.
2. Set Connection Name
   Give the connection a Name.
3. Configure Sign In URL
   Paste the Single Sign-On URL you copied from Okta into the Sign In URL text field.
4. Add IdP Entity ID
   Paste the Issuer information you copied from Okta into the IdP Entity ID field.
5. Upload Certificate
   Upload the Okta certificate you downloaded earlier.
6. Configure User Attributes
   Set the following user attribute options:
     1. Set IdP attribute to Subject.
     2. Leave Attribute name blank.
     3. Set User attribute to UPN.
7. Configure Signing Settings
   Ensure Sign Request is enabled, Request Algorithm is set to RSA-SHA256, and Sign Request Algorithm Digest is set to SHA 256.
8. Set Request Binding
   Set the Request binding to HTTP-POST.
9. Save Connection
   Click Save.

Allow for Tenant Authentication

Once you have configured the SAML connection in Iru Endpoint and your identity provider, you can allow its use for tenant authentication. For step-by-step instructions, please refer to the Allowing Tenant Authentication and Managing Connections section in our Single Sign-on support article.

Enforcing Single Sign-On

Once you have configured at least one Single Sign-on connection, you can disable Passkey, Google Social, and Microsoft Social connections. Disabling these connections prevents Iru Endpoint administrators in your tenant from authenticating with those methods. Please refer to our Single Sign-on support article for step-by-step instructions.

Testing the Integration

1. Add Test User
   Add a test user to the Admin Team in Iru Endpoint by clicking New User.
2. Configure User Information
   Fill in all of the corresponding user information. This user must exist in Okta and must be assigned to the Okta SSO app in your Okta tenant.
3. Submit User
   Click Submit.
4. Close Invite Window
   Once the invite is submitted, close the Invite User window.
5. Refresh Access Page
   Refresh the Access page in Iru Endpoint. You should see the user who was added.
6. Test SSO Login
   Go to the user’s email to accept the invite and log in with the new SAML SSO connection.
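
If the test login fails, comparing the SAML Response against the values saved during setup usually shows which field was pasted incorrectly. The following is an added example, not Iru Endpoint or Okta code: it checks a base64-decoded SAML Response (for instance one copied from the browser's developer tools) against the Assertion Consumer Service URL, Entity ID and Issuer. All URLs, identifiers and the sample response are constructed placeholders, and the script compares field values only; it does not verify the signature.

```python
import re
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholders for the three values saved during setup (assumptions).
EXPECTED = {"acs_url": "https://sp.example.test/saml/acs",
            "sp_entity_id": "urn:example:sp-entity-id",
            "idp_issuer": "http://idp.example.test/issuer"}

# Constructed, trimmed SAML Response: no IDs, timestamps or real signature value.
TEMPLATE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Destination="{acs}">
 <saml:Assertion><saml:Issuer>{issuer}</saml:Issuer><ds:Signature/>
  <saml:Subject><saml:NameID>{name_id}</saml:NameID><saml:SubjectConfirmation>
   <saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{aud}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion></samlp:Response>"""

def build_sample(**overrides):
    """Fill the constructed template; overrides simulate a mis-pasted value."""
    values = {"acs": EXPECTED["acs_url"], "aud": EXPECTED["sp_entity_id"],
              "issuer": EXPECTED["idp_issuer"], "name_id": "test.user@example.test"}
    values.update(overrides)
    return TEMPLATE.format(**values)

def failed_checks(xml_text, expected):
    """Return the labels of the checks a decoded SAML Response does not pass."""
    root = ET.fromstring(xml_text)
    def text(path):
        node = root.find(path, NS)
        return (node.text or "").strip() if node is not None else ""
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    name_id = text("saml:Assertion/saml:Subject/saml:NameID")
    # The signature check is presence only; validating it against the uploaded
    # certificate is the service provider's job and is not done here.
    checks = [
        ("Destination equals the ACS URL", root.get("Destination") == expected["acs_url"]),
        ("Recipient equals the ACS URL", scd is not None and scd.get("Recipient") == expected["acs_url"]),
        ("Audience equals the SP Entity ID", text(".//saml:AudienceRestriction/saml:Audience") == expected["sp_entity_id"]),
        ("Issuer equals the IdP Entity ID", text("saml:Assertion/saml:Issuer") == expected["idp_issuer"]),
        ("NameID is an email-style username", re.fullmatch(r"[^@\s]+@[^@\s]+", name_id) is not None),
        ("Response carries a ds:Signature element", root.find(".//ds:Signature", NS) is not None),
    ]
    return [label for label, ok in checks if not ok]

if __name__ == "__main__":
    print(failed_checks(build_sample(aud="urn:example:other"), EXPECTED))
```

An empty list means every compared field matches; each returned label names the setting to recheck in Okta or Iru Endpoint.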