Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
The service authenticates the end user for all the applications the user has been given rights to.
If a user already exists in Okta, SSO can be used to authenticate that user in Triofox. Several points must be taken into account when configuring this integration; they are covered in the steps below.
1. Triofox Single Sign-On
Log in as the Administrator, then from Dashboard > Settings select the Single Sign On button.
Once the Single Sign On page loads, right-click the link and open it in a new tab, as this information is used later.
Click the toggle button to the On position.
On the next page, select Other from the drop-down list, then click Next.
In the SAML link previously opened in a new tab, copy the Entity ID, as it is used when configuring Okta.
2. Okta SAML Application - General
From the Okta Admin Portal, click the menu button, expand the Applications blade, and click the Create App Integration button.
Select SAML 2.0 on the next page and click Next.
Provide the App Name, then click Next.
On the next page, set the Single sign on URL and Audience URI (SP Entity ID) to the SAML URL from the Triofox Web Portal. Then click the Show Advanced Settings link.
In the Advanced Settings fields, change Response to Unsigned, Signature Algorithm to RSA-SHA1, and Digest Algorithm to SHA1.
3. Okta SAML Application - Attribute Statements
In the Attribute Statements section, create 3 attributes to match the 3 Parameters defined in the CentreStack SSO configuration page:
a. Name: Email - Value: user.email - SSO parameter: IdP Email Parameter
b. Name: FirstName - Value: user.firstName - SSO parameter: IdP Given Name Parameter
c. Name: LastName - Value: user.lastName - SSO parameter: IdP Surname Parameter
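To confirm that what Okta actually sends matches the settings in sections 2 and 3, the following added example (not part of the original article or of Triofox or Okta) reads a decoded SAML Response and reports which elements carry a signature, which algorithms are declared, and whether the Email, FirstName and LastName attributes are present. The names `inspect_response`, `EXPECTED_ATTRS` and `SAMPLE` are hypothetical, and the sample response is constructed for illustration, including its assumption that the assertion is signed while the response is not.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EXPECTED_ATTRS = {"Email", "FirstName", "LastName"}  # attribute names from section 3

# Constructed sample, not real Okta output; signature and digest values omitted.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <ds:Reference><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:AttributeStatement>
   <saml:Attribute Name="Email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="FirstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="LastName"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""


def inspect_response(xml_text):
    """Summarise signing and attributes. Inspection only: no signature is verified."""
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    sig = assertion.find("ds:Signature", NS) if assertion is not None else None
    attrs = {}
    if assertion is not None:
        for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
            v = a.find("saml:AttributeValue", NS)
            attrs[a.get("Name")] = (v.text or "") if v is not None else ""

    def alg(path):  # short algorithm name from the xmldsig URI, or None if unsigned
        node = sig.find(path, NS) if sig is not None else None
        return node.get("Algorithm").rsplit("#", 1)[-1] if node is not None else None

    return {
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": sig is not None,
        "signature_alg": alg("ds:SignedInfo/ds:SignatureMethod"),
        "digest_alg": alg("ds:SignedInfo/ds:Reference/ds:DigestMethod"),
        "missing_attrs": sorted(EXPECTED_ATTRS - {k for k, v in attrs.items() if v}),
    }
```

A non-empty `missing_attrs` list means one of the three attribute statements is misnamed or has no value for that user in Okta.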
4. Okta SAML Application - Setup Instructions and Assignments
After filling in all the settings described above, click Next and then Finish.
Once on the Application page, open the 'Sign On' tab and click 'View Setup Instructions'.
From this page, copy two settings into the SSO configuration on the CentreStack side:
a. Identity Provider Single Sign-On URL (IdP End Point URL)
b. Provide the following IDP metadata to your SP provider (IdP Meta Data)
Okta (Copy all text)
In Triofox, click Next. On the following page, define the Display Text for the Link on the Logon Page; you can choose to check the boxes for "Don't redirect to IdP Login page automatically" and "Create User when User Doesn't Exist". Then click Commit.
In the Okta Admin portal, to add users to the Application, go to the 'Assignments' tab and click the Assign button.
5. How to log in
After saving the changes in the SSO page in the Triofox web portal, you can test the integration.
a. From Triofox
On the Triofox login page, the user sees the link to the Okta SSO that was defined earlier. Clicking it redirects the user to log in; once logged in, the user is redirected back to Triofox to access their data.
b. From Okta
On the Okta webpage, once logged in, the user sees under Applications all the applications to which they belong; clicking the application redirects to the Triofox web portal, already logged in.
c. From Desktop Clients and Mobile Applications