Set up SSO for Okyo Garde Users

You’ll need to configure SSO (single sign-on) so that employees you assign device subscriptions to can log into the mobile app using their corporate credentials. For this setup, we’ll be using Okta as our SAML 2.0 identity provider (IdP). The steps on the IdP side will vary.

Obtain your IdP Authentication information

The information you’ll need to provide on this screen comes from your IdP.
In this setup, we can get this information from an app we’ll create in the Okta Developer Console. To create the app, follow these steps.
  1. Log in to your Okta Developer Console as a user with administrative privileges.
  2. Click Admin in the upper-right corner of your screen.
  3. Select Applications > Applications from the sidebar, and then click Create App Integration.
  4. Select SAML 2.0 as the sign-in method, and then click Next. The Create SAML Integration screen appears.
  5. On the General Settings tab, enter an App name. Optionally, upload a logo and choose the visibility settings for your app, then click Next.
  6. Select the Configure SAML tab and specify the following:
  7. Select the Feedback tab, choose the appropriate options for your organization, and then click Finish.
  8. Click the View Setup Instructions button.
  9. You now have your IdP’s authentication information. Record the content of the Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate fields. We’ll use this information in the next section.

Add your IdP Authentication Information to Okyo

Now that you have your IdP’s authentication information, add it to your Okyo Garde Single Sign-On Settings.
  1. Select Okyo Garde > Single Sign-On Settings from the sidebar.
  2. Go to the Single Sign-on (SSO) Configurations panel and select .
  3. Fill in these SSO fields, and then select Save.
    • Identity Provider (IdP) Issuer URI: The URI that identifies the identity provider issuing a SAML request. This URI is specific to your identity provider. Copy and paste the Identity Provider Issuer from your IdP here.
    • IdP SSO URL: The URL that Okyo can access to get SSO configuration information from your identity provider. This URL is specific to your identity provider. Copy and paste the Single Sign-On URL from your IdP here.
    • Certificate Signing Algorithm: The hash algorithm used to sign the SAML certificate. Choose either SHA-1 or SHA-256.
    • IdP Signature Certificate: The PEM or DER encoded public key certificate of the identity provider used to verify SAML messages and assertion signatures. Copy and paste the Certificate from your IdP here.
  4. Select Download on the Single Sign-on (SSO) Configurations panel to download your SAML Metadata, and then provide it to your IdP. Your IdP needs this SAML metadata to be able to complete the SSO handshake with Okyo Garde.

Provide your Okyo Authentication Information to your IdP

Now that you’ve set up SSO on the Okyo side, you can provide your Okyo authentication information back to your IdP. You’ll find this information in the SAML metadata file that you can download from this screen.
  1. Select Download on the Single Sign-on (SSO) Configurations panel to download your SAML Metadata. Your IdP needs two pieces of information from this SAML metadata to be able to complete the SSO handshake with Okyo.
  2. Open the SAML Metadata file you just downloaded and find (CTRL + F) both the entityID= and the Location=. Record the information highlighted in yellow in your file. We’ll use it in the next step.
  3. Go back to the Configure SAML tab in your Okta Developer Console and:
    • Replace your placeholder entry with the SSO URL you found in the SAML Metadata file next to “Location=”.
    • Replace your placeholder entry with the URI you found in the SAML Metadata file next to “entityID=”.
    • Click Next, and then click Finish.
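
Added example, not part of Okyo's or Okta's own material: a text search for Location= can also match other endpoints in the metadata, such as SingleLogoutService, so this Python script reads the entityID and the default AssertionConsumerService Location by element instead. The sample metadata, its hostnames and the sp_settings function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample SP metadata; hostnames and paths are placeholders, not Okyo's.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.invalid/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Location="https://sp.example.invalid/saml/logout"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0"
        Location="https://sp.example.invalid/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def sp_settings(metadata_xml):
    """Return the entityID and default ACS Location from SP metadata."""
    root = ET.fromstring(metadata_xml)
    entity = (root if root.tag == f"{{{MD}}}EntityDescriptor"
              else root.find("md:EntityDescriptor", NS))
    if entity is None or not entity.get("entityID"):
        raise ValueError("no EntityDescriptor with an entityID")
    # Only AssertionConsumerService carries the SSO URL; a plain text search
    # for Location= also matches SingleLogoutService and similar endpoints.
    acs = entity.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    if not acs:
        raise ValueError("no AssertionConsumerService endpoint")
    chosen = next((a for a in acs if a.get("isDefault") == "true"), None)
    if chosen is None:  # no explicit default: lowest index wins
        chosen = min(acs, key=lambda a: int(a.get("index", "0")))
    warnings = []
    if urlparse(chosen.get("Location", "")).scheme != "https":
        warnings.append("ACS Location is not https")
    if chosen.get("Binding") != HTTP_POST:
        warnings.append("ACS binding is not HTTP-POST")
    return {"entity_id": entity.get("entityID"),
            "sso_url": chosen.get("Location"), "warnings": warnings}


if __name__ == "__main__":
    print(sp_settings(SAMPLE_METADATA))
```

To check a downloaded file, pass its contents to sp_settings in place of SAMPLE_METADATA and resolve any warnings before pasting the values into your IdP.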

Assign Users to your Application

For SSO authentication to work properly for your users, you’ll need to associate them with your IdP. Do this by assigning them to your application.
  1. Go to your Okta app in the Okta Admin Console. Select the Assignments tab and Assign to People or Groups.
  2. Select Assign next to the user that you want to assign. Note: If this is a new account, the only option available is to choose yourself (the administrator) as the user.
    Optionally, for User Name, enter a user name or leave it as the user's email address.
  3. Select Save and Go Back to complete the assignment, and then select Done.
  4. Repeat the above steps to assign the application to more users as necessary.
