How to configure SSO Login via Okta and OPTIZMO
OPTIZMO users have the ability to configure Okta as their default Identity Provider (IdP) to power Single Sign On (SSO). This article details how to configure Okta as their IdP to facilitate SSO with OPTIZMO.
Supported Features
- IdP-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to OPTIZMO from Okta
- Just in Time (JiT) Provisioning - Assigning a user to the application will automatically provision that user in OPTIZMO when that user first authenticates via an IdP-Initiated login
Requirements
In order to proceed with configuring login with SSO through Okta, you must:
- Have access to an Okta tenant
- Be an Okta administrator to that tenant
- Be an existing OPTIZMO account holder. If you do not have an OPTIZMO account, please email us at support@optizmo.net
Configuration Steps
- Reach out to support@optizmo.com and ask that the SSO feature be enabled in your OPTIZMO account. Our support team will provide you with the Default Relay State that you will need in step 4
- In the Okta dashboard, navigate to Applications and then select the Applications sub-menu
- Click on Browse App Catalog and search for OPTIZMO and add this application
- In SAML Settings, set the Default Relay State to the value that was supplied to you in step 1. It will look something like:
identity_provider=production-okta&client_id=21ik0ckgjj84mnote4ps93qe3t&scope=openid+profile+email&response_type=code&redirect_uri=https%3A%2F%2Fclient.optizmo.net%2Fclient.html%3Fs%3DLogin
- Just below this, set the Application username format to Custom and paste the following:
user.email + "_" + user.getInternalProperty("id")
- Once the Application has been created in your Okta account, go to Sign On and copy the Metadata URL. This needs to be sent to support@optizmo.com so that we can complete the integration for your account.
- Assign a user to the application by selecting the Assignments tab, Assign, Assign to People
- Choose a Person to assign to this application and click Assign
- It's important that you do not adjust the automatically generated username. This value should remain unchanged for the integration to work correctly.
An example of what your username should look like:
- The user may then start an IdP-initiated login flow from their Okta account to log in to OPTIZMO.
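A pre-flight check for the Default Relay State from step 4, as an added example that is not OPTIZMO's or Okta's code: it parses the string before you paste it into Okta and flags missing or duplicated parameters and a redirect_uri that is not HTTPS on the expected host. The function name check_relay_state and the expected host (taken from the sample value in step 4) are assumptions; check against the value support actually gives you.

```python
from urllib.parse import parse_qs, urlsplit

# Parameter names as they appear in the article's sample Default Relay State.
REQUIRED = ("identity_provider", "client_id", "scope", "response_type", "redirect_uri")
# Assumption: your real value redirects to the same host as the article's sample.
EXPECTED_REDIRECT_HOST = "client.optizmo.net"

# The sample value printed in step 4 of the article.
SAMPLE = (
    "identity_provider=production-okta&client_id=21ik0ckgjj84mnote4ps93qe3t"
    "&scope=openid+profile+email&response_type=code"
    "&redirect_uri=https%3A%2F%2Fclient.optizmo.net%2Fclient.html%3Fs%3DLogin"
)


def check_relay_state(relay_state: str) -> list:
    """Return human-readable problems found in a Default Relay State string."""
    problems = []
    if relay_state != relay_state.strip():
        problems.append("leading or trailing whitespace")
    # parse_qs percent-decodes values and turns '+' into spaces.
    params = parse_qs(relay_state.strip(), keep_blank_values=True)
    for name in REQUIRED:
        values = params.get(name, [])
        if len(values) != 1 or not values[0]:
            problems.append(f"{name}: expected exactly one non-empty value")
    if params.get("response_type", ["code"]) != ["code"]:
        problems.append("response_type: expected 'code'")
    scope = params.get("scope", [""])[0].split()
    if scope and "openid" not in scope:
        problems.append("scope: 'openid' is missing")
    for uri in params.get("redirect_uri", []):
        parts = urlsplit(uri)
        if parts.scheme != "https":
            problems.append(f"redirect_uri: scheme is {parts.scheme!r}, not 'https'")
        if parts.hostname != EXPECTED_REDIRECT_HOST:
            problems.append(f"redirect_uri: unexpected host {parts.hostname!r}")
    return problems


if __name__ == "__main__":
    for issue in check_relay_state(SAMPLE) or ["no problems found"]:
        print(issue)
```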
Notes
The following SAML attributes are used by the integration:
Name | Value |
givenname | user.firstName |
lastname | user.lastName |
user.email | |
name | user.displayName |
idpuserid | user.id |