How to configure single sign on using Okta (SAML2.0)
This guide walks you through a standard SSO integration with Okta as the Identity Provider (IdP) and ITM Platform as the Service Provider (SP). Before proceeding, we advise you to get familiar with the Single Sign-On process in ITM Platform.
In your Okta admin panel, go to Applications and click Create App Integration.
- General > Edit SAML Settings > enter the App name and, optionally, ITM Platform’s logo. Click Next.
- In section A (SAML Settings), enter:
  - Single sign on URL: https://app.itmplatform.com/WebService/SSO.asmx/Auth
  - Audience URI (SP Entity ID): https://new.itmplatform.com/
  - Name ID format: EmailAddress
  - Application username: Email
- Scroll down to “Attribute Statements (optional)” and add the following attribute:
  - Name: email
  - Value: user.email (select it from the dropdown)
- Next > Finish.
- Sign-on > SAML Signing Certificates > download the SHA-2 certificate.
- Generate a fingerprint by pasting the full content of the certificate into https://www.samltool.com/fingerprint.php with SHA-256 selected as the algorithm. The result will look like C0:9A:C2:27:4B:46:B8:AF:81:43:CA:65:AE:29:F5:82:E7:AB:01:C3:A9:67:37:1C:52:21:23:CE:7E:74:32:A2. Copy it.
- In the Sign-on section of your Okta application, click “View SAML setup instructions” (right pane) and copy the values of:
  - Identity Provider Single Sign-On URL (it will look like https://xxxxxxx.okta.com/app/xxxxxitmplatform_xxxxx/exk71wyb72noECfvv5d7/sso/saml)
  - Identity Provider Issuer (it will look like http://www.okta.com/exk71wyb72noECfvv5d7)
  - X.509 Certificate
You now have your Okta application all set up and the values you need to configure ITM Platform’s SSO.
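The fingerprint is the SHA-256 digest of the certificate's DER bytes, so you can compute it locally and check it against what you pasted into ITM Platform without relying on a third-party site. The script below is an added example, not part of this guide or of ITM Platform; the PEM it hashes is a constructed stand-in (the three bytes "abc") so the expected value is a known SHA-256 test vector, and you would substitute the certificate downloaded from Okta.

```python
import base64
import hashlib
import hmac
import re


def pem_to_der(pem: str) -> bytes:
    """Strip the BEGIN/END armour and whitespace and decode the base64 body.
    Accepts both the armoured file Okta lets you download and the bare
    base64 block shown under "View SAML setup instructions"."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    body = "".join(body.split())
    if not body:
        raise ValueError("no certificate body found")
    return base64.b64decode(body, validate=True)


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, rendered as colon-separated upper-case
    hex pairs, the same form the samltool.com page produces."""
    digest = hashlib.sha256(pem_to_der(pem)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize_fingerprint(fp: str) -> str:
    """Drop separators and case so C0:9A:..., c09a... and C0 9A ... compare equal."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def fingerprint_matches(expected: str, actual: str) -> bool:
    """True when both are the same 32-byte digest. compare_digest avoids
    leaking how many leading bytes matched through timing."""
    a, b = normalize_fingerprint(expected), normalize_fingerprint(actual)
    return len(a) == 64 and hmac.compare_digest(a, b)


# Constructed stand-in certificate: base64("abc") == "YWJj". Replace with the
# real PEM from Okta (Sign-on > SAML Signing Certificates) when checking yours.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

if __name__ == "__main__":
    computed = sha256_fingerprint(SAMPLE_PEM)
    print("computed fingerprint:", computed)
    # The value you pasted into ITM Platform's Fingerprint field goes here.
    pasted = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    print("matches pasted value:", fingerprint_matches(computed, pasted))
```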
ITM Platform configuration
On the left menu, go to CONFIGURATION > ORGANIZATION > Company Settings. Scroll down to “Single Sign-On (SSO) Configuration”.
- Tick “Enable SSO”.
- We don’t recommend ticking “Force SSO for all users” until you have tested that the SSO login works. Otherwise, you may lock yourself out. If this happens, please get in touch with firstname.lastname@example.org
- Issuer: paste the “Identity Provider Issuer” provided by Okta
- Login URL: paste the “Identity Provider Single Sign-On URL” provided by Okta
- Certificate: paste the “X.509 Certificate” provided by Okta
- Fingerprint: paste the fingerprint you generated earlier.
To test it, log out and, when prompted on the login page, click “Login with SSO”. You should be redirected to Okta’s login page, where you fill in your credentials (we recommend selecting “remember me”). You will then be redirected to ITM Platform’s home page, and from then on clicking “Login with SSO” will take you straight into ITM Platform.