Prerequisites

  • An Okta account is needed before EngageIP can be configured for Single Sign On. You can create your account by visiting https://www.okta.com/

  • You will need two SSL certificates. One is for SAML request signing; it can be either a self-signed certificate or one issued by a public CA (e.g. GoDaddy). The other will come from Okta (see step 13 below).

  • To configure the Single Sign On option in EngageIP, the logged-in user needs to be a member of a role that has the "OwnerSingleSignOnConfiguration" option enabled. To check this, go to Setup -> Roles -> select the proper role -> find "OwnerSingleSignOnConfiguration" under "ROLE PERMISSIONS".

...

  1. Login to your Okta Dashboard

  2. Click on the Applications tab in the top menu bar

  3. Click the Add Application button

  4. Click the Create New App button


  5. Set the Platform to 'Web', and the Sign on method to 'SAML 2.0' and click Create

  6. Populate an App name (e.g. 'EngageIP') for this configuration and then click Next

  7. Configure the SAML properties with the proper IP/DNS entry in the Single sign on URL

  8. Scroll down and click Next

  9. Select the option: I’m an Okta customer adding an internal app and click Finish

  10. On the EngageIP application page, click View Setup Instructions

  11. You will be presented with information for configuring the service provider (EngageIP). Copy the data shown in 'Identity Provider Single Sign-On URL' and 'Identity Provider Issuer', and then download the certificate by clicking the Download Certificate button for use a bit later

...

  1. Login to EngageIP

  2. Navigate to the Overview page for the owner you wish to configure SSO for using Okta

  3. Click Add under the Components and then click on Single Sign On


    Note: if the Single Sign On link does not appear, ensure that you've properly configured Single Sign On for this owner (see the 'Configuring Okta in EngageIP' steps above).

  4. Configure the SSO component

  5. Enter the 'SAML Federation ID'. This is the user name that you configured when 'Assigning Okta users to EngageIP' in the configuration steps above

  6. Ensure that the Single Sign On Enable checkbox is checked

  7. Click Save

...

  1. Navigate to the user home for the user you wish to log into EngageIP as. This is likely the same as the Logout URL that you configured for the EngageIP owner (e.g. oktapreview.com/app/UserHome)

  2. Log into Okta and you should see your EngageIP application available. If not, then please see the 'Adding EngageIP to Okta' and/or 'Assigning Okta Users to EngageIP' configuration steps above

  3. Click on the EngageIP button

  4. You should now see the login process log you into EngageIP

See Also