Setting Up SSO through Okta: A Test Example

This guide provides a detailed, step-by-step walkthrough to get single sign-on (SSO) configured for your account.

It will cover setting up your test environment, configuring Okta, integrating Okta and Appspace, and finally, testing your SSO login. You'll find specific details on SAML settings, including NameID format and attribute statements, to ensure a smooth integration.

Step-by-step guide

1.0 Testing Environment

1. Create a new account in your Appspace test environment.
2. Activate the newly created account via the activation email.

2.0 Okta Environment → link to Okta

1. Log in to your Okta account.
2. Select the top left icon and change it to classic UI.
3. Select the application tab.
4. Select add application.
5. Select create new app.
6. Use these creation integration details:
   • Platform: Web
   • Sign-on method: SAML 2.0
7. Select create.
8. Enter a specific app name.
9. Use these (A) SAML settings details:
   • Single sign-on URL: https://cloud.stage.appspace.com (this will need to be edited later on).
   • Audience URI (SP Entity ID): (the domain of the test environment you are testing, e.g., https://cloud.stage.appspace.com).
   • Name ID Format: Transient
   • Application username: Email
   • Select show advanced settings.
   • Signature Algorithm: RSA-SHA1
   • Digest Algorithm: SHA1
   • Scroll down to attribute statements (optional).
   • Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
   • Name format: Unspecified
   • Value: user.email
   • Scroll down and select the next button.
10. Check I'm an Okta customer adding an internal app.
11. Check the app type this is an internal app that we have created.
12. Select finish.
13. Select view setup instructions.
14. Scroll down to the optional header, copy everything in the textbox, and close the window.
15. Paste everything into a textbox and save as an .xml file.

3.0 Testing Environment

1. Log in to your new account.
2. Navigate to Admin > Settings > Account Authentication.
3. Configure your account authentication as follows:
   • Authentication Method: Custom SSO
   • SSO Settings: Optional
   • IdP Information: Use IdP metadata
   • Select upload IdP metadata and select the .xml file that was previously created.
   • Check force re-authentication on login.
   • Check enable IdP-initiated login.
   • Select save & download.
   • Copy the URL in the assertion URL.

4.0 Okta Environment

1. Navigate back to the same page from the 2.0 Okta Environment step 12.
2. Click on the subheader general.
3. On the same line of SAML settings, select edit.
4. Select next.
5. Change the following information on (A) SAML settings:
   • Single sign-on URL: Paste the URL that you copy from (3.0 Testing Environment step 3).
   • Scroll down and select next.
   • Select finish.
6. Select the assignments subheader.
7. Select assign, and select assign to people.
8. Search your Okta account name and select assign on the same row with your name.
9. In the username textbox, enter the email address that you created in the 1.0 Test Environment.
10. Select save and go back.
11. Select done.

2 ways to log in with SSO

Way one [service provider (SP)-initiated]:

1. Navigate back to the test environment and log out of the account.
2. Enter the email address that you created and select login.
   • The password textbox should disappear.
3. You will then be led back to the Okta sign-in page.
4. Enter your Okta credentials and select sign in.
5. You should now be logged into your testing environment account.

Way two [identity provider (IdP)-initiated]:

1. Log in to Okta.
2. Navigate to the Okta dashboard.
3. Select my applications from the top-right corner.
4. Select the application that you wish to open.
5. You should now be logged into your testing environment account.