Setup SSO with Okta

Okta is a US-based identity provider. For more information about Okta, visit www.okta.com.

Connect with Okta

Use the following procedure to connect buddybuild with Okta for SSO. After the first step, the remaining steps take 5-10 minutes to complete.

  1. Contact [email protected]. The buddybuild account team needs to prepare your buddybuild organization’s configuration for SSO. One detail you need to provide is the email domain(s) that your users might use to authenticate.

  2. Once SSO preparation is complete, log in to the buddybuild dashboard.

  3. Move your mouse pointer over your avatar in the top right corner. A dropdown menu appears.

  4. Select Manage Org. The Manage Organization screen appears:

    The Manage Organization screen

  5. In the left navigation, a dropdown menu exists with the current organization selected. Click the dropdown menu to list all of the organizations that you currently belong to.

  6. Select the organization that needs SSO configuration.

  7. On the left side of the screen, find the Organization Settings links. Click Single sign-on (SSO). The Connect to your SSO provider screen is displayed:

    The Connect to your SSO provider screen

    Important

    If your buddybuild organization has not yet been prepared to use SSO, the Upgrade today to configure SSO! screen is displayed:

    The Upgrade today to configure SSO! screen

    If you see this screen, click the Contact us button to upgrade your organization’s account to use SSO!

  8. Click the Connect button. The Connect to your SSO provider screen is displayed:

    The Connect to your SSO provider screen

    You should see the enterprise email domains that you specified when communicating with the buddybuild account team.

  9. In another browser window or tab, log in to Okta. Typically, Okta provides a login URL that looks like:

    https://mycompany.okta.com/

    Where mycompany is the identifier for your company/enterprise.

    Once you have logged in, the Okta Dashboard screen is displayed:

    The Okta dashboard

  10. In the top left of the screen, click the Developer Console button. The UI Selector is displayed.

  11. Select Classic UI. The Okta Classic UI Dashboard screen is displayed:

    The Classic UI Dashboard in Okta

  12. Near the top-center of the screen, click the Applications button. The Applications screen is displayed:

    The Applications screen in Okta

  13. Click the Add Application button. The Add Application screen is displayed:

    The Add Application screen in Okta

  14. Click the Create New App button. The Create a New Application Integration dialog is displayed:

    The Create a New Application Integration dialog in Okta

  15. Set the appropriate application values:

    1. Set the Platform dropdown menu to Web.

    2. Select SAML 2.0 for the Sign on method field.

  16. Click the Create button. The Create SAML Integration screen is displayed:

    The Create SAML Integration screen in Okta

  17. Specify the required SSO configuration:

    1. Enter buddybuild into the App name field.

    2. Optionally provide an App logo. This is used to help identify the buddybuild integration in the list of apps. The logo can be changed later.

    3. Optionally check the App visibility checkboxes. These can be changed later.

  18. Click the Next button. The Create SAML Integration screen updates to display the Configure SAML fields:

    The Configure SAML screen in Okta

  19. Copy the SSO values from buddybuild to Okta:

    1. Switch to the original browser window or tab, displaying the Connect to your SSO provider screen in buddybuild.

    2. Click the copy to clipboard button beside the Single sign-on URL field.

    3. Switch to the other browser window or tab, displaying the Create SAML Integration screen in Okta.

    4. Paste the Single sign-on URL value into the Single sign on URL field.

    5. Switch to the original browser window or tab, displaying the Connect to your SSO provider screen in buddybuild.

    6. Click the copy to clipboard button beside the Audience URI (SP Entity ID) field.

    7. Switch to the other browser window or tab, displaying the Create SAML Integration screen in Okta.

    8. Paste the Audience URI (SP Entity ID) value into the Audience URI (SP Entity ID) field.

  20. Scroll to the bottom of the screen and click the Next button. The Create SAML Integration screen updates to request feedback:

    The Feedback screen in Okta

  21. Select an answer for the Are you a customer or partner? question, and answer any additional questions that may appear.

  22. Click the Finish button. The Application settings screen is displayed:

    The Applications settings screen in Okta

  23. Scroll down to find the highlighted panel labeled SAML 2.0 is not configured until you complete the setup instructions.

  24. Click the View Setup Instructions button. A new browser window/tab opens to display the How to Configure SAML 2.0 for buddybuild Application screen:

    The How to Configure SAML 2.0 for buddybuild Application screen in Okta

  25. Copy the SSO values from Okta to buddybuild:

    1. Copy the URL from the Identity Provider Single Sign-On URL field.

    2. Switch to the original browser window or tab, displaying the Connect to your SSO provider screen in buddybuild.

    3. Paste the Identity Provider Single Sign-On URL value into the Enter your Identity Provider sign-on URL field.

    4. Switch to the other browser window or tab, displaying the How to Configure SAML 2.0 for buddybuild Application screen.

    5. Copy the URL from the Identity Provider Issuer field.

    6. Switch to the original browser window or tab, displaying the Connect to your SSO provider screen in buddybuild.

    7. Paste the Identity Provider Issuer value into the Enter your Identity Provider issuer field.

    8. Switch to the other browser window or tab, displaying the How to Configure SAML 2.0 for buddybuild Application screen.

    9. Copy the certificate from the X.509 Certificate field.

    10. Switch to the original browser window or tab, displaying the Connect to your SSO provider screen in buddybuild.

    11. Paste the X.509 Certificate value into the Enter your X.509 certificate field.

    At this point, all of the buddybuild SSO fields should be filled in:

    The filled in Connect to your SSO provider fields

  26. Click the Configure SSO button. The You’re now connected to your SSO provider! screen is displayed:

    The You’re now connected to your SSO provider! screen

  27. Click the Continue button. The Would you like to require SSO logins? screen is displayed:

    The Would you like to require SSO logins?

    Here you need to choose whether to require SSO logins or not:

    1. Click the Yes, require SSO now button if you want to require SSO logins. If you do so, your users must log in via SSO if they use an email address in the configured email domain, or if they want to access apps associated with your buddybuild organization. The Require SSO logins dialog is displayed:

      The Require SSO logins dialog

      Click the Require SSO logins button to confirm that you want to require SSO logins. Or, click the Cancel button to close the dialog.

      Caution

      When Require SSO logins is enabled, any connected users that are not logged in via the IDP are immediately disconnected. They need to log in again using SSO.

      You may be logged out of the dashboard too. If your SSO configuration is not working, for example if the application at your IDP is disabled or deleted, you may have to contact buddybuild to regain access.

    2. Click the No, require SSO later button if you do not want to require SSO logins. When SSO is not required, your users can continue to use any existing buddybuild logins that may exist, or log in via SSO.

    For either choice, the SSO settings screen is displayed:

    The SSO settings screen

That’s it! You have successfully completed the initial SSO configuration, and your users can now log in using SSO.
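A mis-pasted value in step 25 is easiest to catch before you click Configure SSO, and well before you require SSO logins. The following is an added example, not buddybuild or Okta code: a shape check for the Identity Provider Single Sign-On URL, Identity Provider Issuer and X.509 Certificate values. The function names, the `https` requirement and the sample values are assumptions made for illustration, and the check does not verify the certificate's signature or validity dates.

```python
import base64
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def der_length_ok(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE (no truncation, no trailer)."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long form: next n bytes are the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body

def preflight(sso_url: str, issuer: str, cert_pem: str) -> list:
    """Return the problems found in the three values copied in step 25."""
    problems = []
    url = urlsplit(sso_url.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("sign-on URL is not an absolute https:// URL")
    if issuer != issuer.strip() or not issuer:
        problems.append("issuer is empty or padded with whitespace")
    match = PEM_RE.fullmatch(cert_pem.strip())
    if not match:
        return problems + ["certificate lacks its BEGIN/END CERTIFICATE lines"]
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:                      # binascii.Error is a ValueError
        return problems + ["certificate body is not valid base64"]
    if not der_length_ok(der):
        problems.append("certificate is truncated or has extra data")
    return problems

# Constructed sample (DER-shaped filler, not a real certificate).
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----")

if __name__ == "__main__":
    good = preflight("https://mycompany.okta.com/app/EXAMPLE/sso/saml",
                     "EXAMPLE-ISSUER", SAMPLE_PEM)
    bad = preflight("http://mycompany.okta.com/", " ", SAMPLE_PEM[:200])
    print(good, bad, sep="\n")
```

An empty list means the three values are well-formed; it does not confirm that they belong to the right Okta application.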