Setting up SSO with Okta

Administrators use the following steps when preparing to run SSO with Okta.

Note: FP&A Plus does not support IWA configurations for Okta.

  1. Log in to Okta as an administrator.
  2. Click Admin.
  3. Hover over the Developer Console drop-down and select Classic UI.

    The Applications page appears.

  4. Click Add Application.
  5. Click Create New App.

    The Create a New Application Integration dialog opens.

  6. Select SAML 2.0.
  7. Click Create.
  8. In General Settings, specify a name for the application, and click Next.
  9. In SAML Settings, in Single sign-on URL, Recipient URL, and Destination URL, type:

    https://<PROPHIX_INSTANCE_URL>/sso/Saml2/Acs

    where <PROPHIX_INSTANCE_URL> is the URL for your Prophix Cloud instance.

  10. In Audience URL, type:

    https://<PROPHIX_INSTANCE_URL>/sso/Saml2

  11. Leave Default Relay State empty.
  12. Verify that Name ID format is Unspecified.
  13. Set Okta username to Email.
  14. Under Attribute Statements, add the following:

    Name         Name Format    Value
    firstName    Unspecified    user.firstName
    lastName     Unspecified    user.lastName
    email        Unspecified    user.email

  15. Click Next.
  16. Click Finish.

    The application is created and you are directed to the Application page.

  17. Select the Sign On tab.
  18. Click View Setup Instructions.
  19. Record the following values:
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate

    Later, when you set up SSO, these values will be, respectively, the SAML SSO URL, the Issuer URL, and the Token signing certificate.

    Tip: Alternatively, you can save these values using the IDP metadata option, and use the resulting XML file to load the values into Security Manager. Note that the file must have a .xml extension; if it does not, you must add it.

  20. You are now ready to set up SSO.