Skip to main content

Single Sign On Integration with Okta

Shawn Luo
Updated

Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.

The service authenticates the end user for all the applications the user has been given rights to.

If a user already exists in Okta, SSO can be used to authenticate it in Triofox. To carry out this integration, there are some aspects that must be taken into account during the configuration.

1. Triofox Single Sign-On
Login as the Administrator and then from the Dashboard > Settings, select the Single Sign On button.

Once the Single Sign On page loads, right-click the link and open in a new tab as we will use this information later.
Click the toggle button to the On position.
02-ToggleSwitch.png

On the next page, select Other from the drop down list, then click Next.
03-SelectProvider.png

In the SAML link previously opened in a new tab, copy the Entity ID as it will be used when configuring Okta.
TF-Saml-Page.png

 

2. Okta SAML Application - General
From the Okta Admin Portal, click the menu button, then expand the Applications blade, and click Create App Integration button.
05-Okta-ApplicationsBlade.png

Select SAML 2.0 on the next page and click Next.
07-Okta-SelectSaml.png

Provide the App Name then click Next.
06-Okta-AppName.png

On the next page, Set the Single sign on URL and Audience URI (SP Entity ID) as the SAML URL from the  Triofox Web Portal. Then click the link to Show Advanced Settings.
08-Okta-SimpleSaml.png

On the fields from Advanced Settings, change Response to Unsigned, Signature Algorithm to RSA-SHA1, and Digest Algorithm to SHA1.
09-Okta-AdvancedSaml.png

3. Okta SAML Application - Attribute Statements

In the Attribute Statements section, create 3 attributes to match the 3 Parameters defined in the CentreStack SSO configuration page:

a. Name: Email - Value: user.email - SSO parameter: IdP Email Parameter

b. Name: FirstName - Value: user.firstName - SSO parameter: IdP Given Name Parameter

c. Name: LastName - Value: user.lastName - SSO parameter: IdP Surname Parameter

Triofox

10-ldpStuff-1.png

Okta

11-Okta-Attributes.png

 

4. Okta SAML Application - Setup Instructions and Assignments

After filling all the settings described above click Next and Finish.
Once in the Application page, access the 'Sign On' tab and click on 'View Setup Instructions'.
12-Okta-SignOn.png

From this page take two settings and copy them to the SSO configuration on the CentreStack side.

a. Identity Provider Single Sign-On URL (IdP End Point URL)

b. Provide the following IDP metadata to your SP provider (IdP Meta Data)

Okta

13-Okta-EndPoint.png

Triofox

13-TF-EndPoint.png

Okta (Copy all text)
14-Okta-MetaData.png

Triofox
14-TF-MetaData.png

On Triofox click Next, then on the following page Define the Display Text for the Link on the Logon Page, you can choose to check the boxes for "Don't redirect to ldP Login page automatically" and "Create User when User Doesn't Exist". Then Click Commit.
15-TF-SaveOktaSSO.png

In the Okta Admin portal, to add users to the Application go to the 'Assignments' tab and click the Assign button.
16-Okta-Assign.png

5. How to login
After saving the changes in the SSO page in the Triofox web portal, you can test the integration.

a. From Triofox
In the Triofox login page, the user can see the link to the Okta SSO already defined, click on it and will be redirected to login in, once logged in will be redirected back to Triofox to access his data.
17-TF-LoginPage.png18-Okta-LoginPage.png

b. From Okta
From the Okta webpage, once logged the user / Applications will see all the applications to which belongs and clicking on it will redirect to the Triofox web portal already logged.
19-Okta-LoginPage.png

c. From Desktop Clients and Mobile Applications

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk