Okta SAML Application Setup

As an application developer, you want to give your users the ability to sign in directly to your application using Okta for identity management. To do so, your application needs to support federated Single Sign-On (SSO). In this scenario, your application will rely on Okta to serve as an external Identity Provider (IdP).

This article shows how to create an Okta SAML application.

A. Create a direct access application in Okta

Note: If you don't already have an Okta account you can create one by going to this link.

1. Sign in to your Okta tenant as an administrator.

a. Enter "Username"
b. Enter "Password"
c. Click "Sign In" 

2. In the Admin Console

a. Navigate to Applications > Applications
b. Click "Create App Integration"

3. Create a New App Integration/ Sign-On Method:

a. Choose "SAML 2.0"
b. Click "Next"

4. Create a SAML Integration/ General Settings

a. App Name: Enter an App Name such as "Direct access to atEvent"
b. Click "Next"

5. Configure SAML/ SAML Settings:

a. Single Sign On URL: Enter the following: https://ceaservices3.at-event.com/saml/SSO
b. Use this for Recipient URL and Destination URL: Fill in the checkbox
c. Audience URI (SP Entity ID): Enter the following: https://ceaservices3.at-event.com/saml/metadata
d. Scroll to the bottom and Click "Next"

6. Feedback (Option 1): If you are an Okta customer complete this step as follows. If not skip to Option 2 below.

a. I'm an Okta customer adding an internal app: Fill in the radio button
b. Click "Finish"

6. Feedback (Option 2): If you are a software vendor complete this step as follows

a. I'm a software vendor. I'd like to integrate my app with Okta: Fill in the radio button
b. Click "Submit Your App for Review". You will receive an email confirming your newly created App.
c. Click "Finish"

7. SAML Application Continued

a. Navigate to Applications > Applications
b. Click the name of the SAML application that you created in Step 4 (in this example, "Direct access to atEvent").

8. SAML Application Settings

a. Verify that the SAML Settings URLs are correct. If not, you can correct them by clicking the edit button at the upper right.
b. Click the "Sign On" tab

9. SAML Application Settings/ Sign On

a. Click "Identity Provider Metadata". This opens the metadata URL, which can be used to configure SSO for atEvent.

10. SAML Metadata URL or XML file

a. SAML Metadata URL: Select the displayed metadata URL, copy it to an external notepad and save it. This metadata URL can be used when enabling SSO in atEvent.
b. SAML Metadata File: If you prefer to use a metadata file rather than a URL, you can copy the complete XML and save it to your local device as an XML file using Notepad or a similar text editor. This XML metadata file can also be used to enable SSO in atEvent.

11. Assign Users

a. Click on the "Assignments" tab
b. Click the "Assign" button

12. Assignments Continued:

a. Click "Assign to People" if you want to assign individual members of your company. For more information on "Assign to People" click on the following link.

Note: If you are a large company it might be a better option to use "Assign to Groups".

b. Click "Assign to Groups" if you want to assign a group of employees of your company.

Note: If you don't already have a group set up in Okta you will need to create one before using "Assign to Groups". To learn more about Groups click on the following link.

13. Assign to Groups: Managing user access individually is time-consuming and inefficient. Using groups can help you simplify user management, as changes to group access rights are automatically applied to all members of the group. In this example we will be using "Assign to Groups".

a. For this example we have already set up a group called "Everyone"
b. Click the "Assign" button to assign this (Direct Access to atEvent) to Groups (Everyone)
c. Click the "Done" button

14. Assign to Groups continued: Under the Assignments tab "Direct Access to atEvent" now shows up under the Group "Everyone". Now all atEvent users connecting with Okta will be authorized as a group (Everyone). 

B. Set up Single Sign-On (SSO) in atEvent

To set up SSO in atEvent you can now use the SAML metadata that you have created in Okta. Here is the article to complete SSO setup in atEvent.

Remember: You will need the Okta SAML metadata from Section A of this article in order to complete your SSO setup in atEvent.