Okta SAML

This feature is available to Enterprise customers.

The following manual configuration creates a SAML SSO configuration for your Enterprise organization.

Prerequisites

- Owner role in an Enterprise organization
- Okta account with admin access

Supported features

This configuration supports the following:

- Service provider initiated SSO
- Single Log Out [optional]

Configuration steps

Before configuring SSO, you need to assign a namespace and create a service provider certificate and private key. These important steps provide information you need to enter later.

Create your namespace

1. Click Organization in the left sidebar.
2. Click the SSO tab.
3. Under Namespace, enter the namespace you want for your organization, for example, acmecorp. Your organization members enter this namespace when they log in via SSO.
4. Under SSO type, select SAML 2.0.
5. Copy the Redirect URL and save it in a safe place. You will use this later when you create your SAML integration in Okta.

Download your Make service provider certificate

1. Click Organization in the left sidebar.
2. Click the SSO tab.
3. Scroll down to find Service Provider Certificates.
4. Find your new certificate. Refer to the Valid from and Expires dates if you are unsure.
5. On the right side of the row for your certificate, click the icon.
6. Select Download.

Your browser downloads your SP certificate as a PEM file. You can find it in your downloads folder.

Create a SAML integration

1. Log in to Okta and go to Applications > Applications.
2. Click Create App Integration.
3. Select SAML 2.0 in the popup window and click Next.
4. In the General Settings tab, name your app and upload your icon. Click Next.
5. In the Configure SAML tab, enter the Single sign-on URL that you copied in the steps above.
6. Enter the Audience URI (SP Entity ID) as https://www.make.com/sso/saml/{{namespace}}/metadata.xml
7. Keep the Default RelayState blank.
8. Enter the following information:

   | Field | Value |
   | --- | --- |
   | Name ID format | EmailAddress |
   | Application username | Okta username |
   | Update application username on | Create and update |

9. Click Show Advanced Settings.
10. Verify that all of the information provided matches the following advanced settings.
11. Set Assertion Encryption to Encrypted.
12. For the Signature Certificate field, upload the Make service provider certificate you downloaded above.
13. Under Attribute Statements (optional), add the attribute as shown in the image and click Next to save.
14. Select the following options and click Finish.
15. Assign people to your Make application under the Assignments tab in Okta.
16. Under the Sign On tab in Okta, view the SAML setup instructions. Copy the Identity Provider Single Sign-On URL and the identity provider certificate and save them in a safe place.
17. In Make, under Organization > SSO, update the IdP login URL field and the Identity provider certificate field with the information obtained in Okta in step 16.
18. Enter the following in the Login IML resolve field:

        {"email":"{{get(user.attributes.email, 1)}}","name":"{{get(user.attributes.profileFirstName, 1)}}{{get(user.attributes.profileLastName, 1)}}","id":"{{user.name_id}}"}

19. Set:
    - Allow unencrypted assertions to No
    - Allow unsigned responses to No
    - Sign requests to Yes
20. Select the team and save. Once saved, the page will reload. Sign out.

You will receive an email with the subject "Activation complete: SSO ready for your organization" upon successful activation.

If you encounter any issues while logging in using SSO, disable SSO using the "one time link" (valid for 24 hours).

Service provider initiated SSO

1. Go to make.com.
2. Click Sign in with SSO.
3. Enter the namespace you chose for your organization.
4. Log in using your Okta credentials and consent to Make's access to your user data.
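When a login fails after you set Allow unencrypted assertions and Allow unsigned responses to No, it helps to confirm what Okta is actually sending. The following is an added example, not code from Make or Okta: a structural check of a base64-encoded SAMLResponse captured from your own test login. It assumes the two settings map to "assertion must arrive as EncryptedAssertion" and "the Response element itself carries a signature", and the sample messages are constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_saml_response(b64_response):
    """Return a list of policy problems. Structural check only:
    it does not verify signatures and does not decrypt anything."""
    xml_bytes = base64.b64decode(b64_response)
    # SAML messages never need a DTD; refuse rather than parse entities.
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD found in SAML message, refusing to parse")
    root = ET.fromstring(xml_bytes)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("root element is not samlp:Response")
    problems = []
    # Assumed mapping to "Allow unencrypted assertions: No"
    if root.findall("saml:Assertion", NS):
        problems.append("plaintext Assertion present")
    if not root.findall("saml:EncryptedAssertion", NS):
        problems.append("no EncryptedAssertion")
    # Assumed mapping to "Allow unsigned responses: No":
    # the signature must be a direct child of the Response element.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element is not signed")
    return problems

def _sample(body):
    """Wrap `body` in a constructed Response and base64-encode it."""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" xmlns:ds="{NS["ds"]}" '
           f'ID="_constructed">{body}</samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

# Constructed samples: one matching the settings above, one not.
COMPLIANT = _sample("<ds:Signature/><saml:EncryptedAssertion/>")
NONCOMPLIANT = _sample("<saml:Assertion/>")

if __name__ == "__main__":
    for name, msg in (("compliant", COMPLIANT), ("noncompliant", NONCOMPLIANT)):
        print(name, check_saml_response(msg) or "OK")
```

An empty result only means the message has the expected shape; cryptographic validation of the signature and decryption still happen on the service provider side.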