Simple steps to set up SSO with Okta:
- Open the Configurations tab on your left, go to the SSO settings tab, and move the switch to On;
- Open your account in Okta and create a new App Integration or choose an existing one.
How to configure the App Integration:
- After clicking on the Create App Integration button, select the SAML-based sign-in method;
- Fill in all necessary fields on Step 1 — General Settings and proceed to the next step;
- Configure SAML Settings:
  - Fill in fields in the General section. You need to match fields from your SSO configuration tab in Precoro with fields in Okta:
    - Single sign on URL —> Assertion Consumer Service (ACS);
    - Audience URI (SP Entity ID) —> Entity ID;
  - Mark the Use this for Recipient URL and Destination URL checkbox as 'active' (it's just under the Single sign on URL field);
  - Select the EmailAddress parameter for the Name ID format field;
  - Select the Email parameter for the Application username field;
  - Click Show Advanced Settings and:
    - Set Assertion Encryption as Encrypted;
    - Download Precoro Certificate and upload it into the Encryption Certificate field;
    - Enable Single Logout by marking the Allow application to initiate Single Logout checkbox as 'active';
    - Match fields from your SSO configuration tab in Precoro with fields in Okta:
      - Single Logout URL —> Single Logout Response Endpoint;
      - SP Issuer —> Entity ID;
    - Download Precoro Certificate and upload it into the Signature Certificate field;
  - Set up the Attribute Statements section:
    - Type "email" in the Name field;
    - Select 'user.email' for the Value field;
- Proceed to the last step and click the Finish button.
Configure SSO in Precoro
- Fill in Step 3: Identity Provider Issuer:
  - Go to the Sign On tab of the App Integration you just configured;
  - Scroll down, find, and click the View Setup Instructions button;
  - Copy the value of Identity Provider Issuer and paste it into Step 3: Identity Provider Issuer in Precoro;
- Upload Metadata to Precoro:
  - Find the Identity Provider metadata on the Sign On tab;
  - Open the link and save the Metadata file on your computer;
  - Upload this file to Step 4 in Precoro;
- Click the Update button. Now the SSO is configured.
- Please do not forget to assign users to this Application.