Prerequisites
An Okta account is needed before EngageIP can be configured for Single Sign On. You can create your account by visiting https://www.okta.com/
You will need two SSL certificates. One is for SAML request signing; this can be either a self-signed certificate or one from a public CA (e.g. GoDaddy). The other will come from Okta (see step 13 below).
To configure the Single Sign On option in EngageIP, the logged-in user needs to be a member of a role that has the "OwnerSingleSignOnConfiguration" option enabled. To check this, go to Setup -> Roles -> select the proper role -> find "OwnerSingleSignOnConfiguration" under "ROLE PERMISSIONS".
...
Log in to your Okta Dashboard
Click on the Applications tab in the top menu bar
Click the Add Application button
Click the Create New App button
Set the Platform to 'Web', and the Sign on method to 'SAML 2.0' and click Create
Populate an App name (e.g. 'EngageIP') for this configuration and then click Next
Configure the SAML properties with the proper IP/DNS entry in the Single sign on URL
Scroll down and click Next
Select the option: I’m an Okta customer adding an internal app and click Finish
On the EngageIP application page, click View Setup Instructions
You will be presented with information for configuring the service provider (EngageIP). Copy the data shown in 'Identity Provider Single Sign-On URL' and 'Identity Provider Issuer', and then download the certificate by clicking the Download Certificate button for use a bit later
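For the self-signed request-signing certificate in the prerequisites and the certificate downloaded from Okta in the step above, these helper functions are an added example, not part of the original guide, EngageIP or Okta. They assume OpenSSL is installed and that the files are PEM encoded; the file names and the 365-day lifetime are choices made for this sketch, and the guide does not state which certificate format EngageIP expects.

```bash
#!/usr/bin/env bash
# Added example: helper functions, not EngageIP or Okta tooling.
# File names and lifetimes are assumptions made for this sketch.

# Create a 2048-bit RSA key and a self-signed certificate (valid 365 days)
# for SAML request signing. Writes saml-signing.key / saml-signing.crt to $2.
make_signing_cert() {
    local cn="$1" dir="$2"
    (
        umask 077   # the private key must not be group/world readable
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
            -subj "/CN=${cn}" \
            -keyout "${dir}/saml-signing.key" \
            -out "${dir}/saml-signing.crt" 2>/dev/null
    )
}

# Print subject, expiry and SHA-256 fingerprint of a PEM certificate.
# Returns 2 if the file does not parse, 1 if it expires within $2 days.
check_cert() {
    local cert="$1" min_days="${2:-30}"
    openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256 \
        || return 2
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {
    local key="$1" cert="$2" from_key from_cert
    from_key=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    from_cert=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    [ "$from_key" = "$from_cert" ]
}

# Usage (paths are placeholders):
#   make_signing_cert engageip-saml-signing ./certs
#   key_matches_cert ./certs/saml-signing.key ./certs/saml-signing.crt
#   check_cert /path/to/certificate-downloaded-from-okta 30
```

Recording the fingerprint that check_cert prints for the Okta certificate gives you a reference value to compare against if the certificate is later replaced.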
...
Log in to EngageIP
Navigate to the Overview page for the owner you wish to configure SSO for using Okta
Click Add under the Components and then click on Single Sign On
Note: if the Single Sign On link does not appear, ensure that you've properly configured Single Sign On for this owner (see the 'Configuring Okta in EngageIP' steps above)
Configure the SSO component
Enter the 'SAML Federation ID'. This is the user name that you configured when 'Assigning Okta users to EngageIP' in the configuration steps above
Ensure that the Single Sign On Enable checkbox is checked
Click Save
...
Navigate to the user home for the user you wish to log into EngageIP as. This is likely the same as the Logout URL that you configured for the EngageIP owner (e.g. oktapreview oktapreview.com/app/UserHome)
Log into Okta and you should see your EngageIP application available. If not, then please see the 'Adding EngageIP to Okta' and/or 'Assigning Okta Users to EngageIP' configuration steps above
Click on the EngageIP button
You should now see the login process log you into EngageIP