Set up SSO for Okyo Garde Users
You’ll need to configure SSO (single sign-on) so that employees you assign device subscriptions to can log into the mobile app using their corporate credentials. For this setup, we’ll be using Okta as our SAML 2.0 identity provider (IdP). The steps on the IdP side will vary.
Obtain your IdP Authentication information
The information you’ll need to provide on this screen comes from your IdP. In this setup, we can get this information from an app we’ll create in the Okta Developer Console. To create the app, follow these steps.
- Log in to your Okta Developer Console as a user with administrative privileges.
- Click Admin in the upper-right corner of your screen.
- Select Applications > Applications from the sidebar, and then click Create App Integration.
- Select SAML 2.0 as the sign-in method, and then click Next. The Create SAML Integration screen appears.
- On the General Settings tab, enter an App name. Optionally, upload a logo and choose the visibility settings for your app, then click Next.
- Select the Configure SAML tab and specify the following:
  - For now, use a placeholder entry, such as “https://tbd”, in the Single Sign-on URL field, and select Use this for Recipient URL and Destination URL.
  - For now, use a placeholder entry, such as “https://tbd”, in the Audience URI (SP Entity ID) field.
  - Select Okta username in Application username, and then click Next.
- Select the Feedback tab, choose the appropriate options for your organization, and then click Finish.
- Click the View Setup Instructions button.
- You now have your IdP’s authentication information. Record the content of the Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate fields. We’ll use this information in the next section.
Add your IdP Authentication Information to Okyo
Now that you have your IdP’s authentication information, add it to your Okyo Garde Single Sign-On Settings.
- Select Okyo Garde > Single Sign-On Settings from the sidebar.
- Go to the Single Sign-on (SSO) Configurations panel and select .
- Fill in these SSO fields, and then select Save.

  | Field | Description |
  | --- | --- |
  | Identity Provider (IdP) Issuer URI | The URI that identifies the identity provider issuing a SAML request. This URI is specific to your identity provider. Copy and paste the Identity Provider Issuer from your IdP here. |
  | IdP SSO URL | The URL that Okyo can access to get SSO configuration information from your identity provider. This URL is specific to your identity provider. Copy and paste the Single Sign-On URL from your IdP here. |
  | Certificate Signing Algorithm | The hash algorithm used to sign the SAML certificate. Choose either SHA-1 or SHA-256. |
  | IdP Signature Certificate | The PEM or DER encoded public key certificate of the identity provider used to verify SAML messages and assertion signatures. Copy and paste the Certificate from your IdP here. |

- Select Download on the Single Sign-on (SSO) Configurations panel to download your SAML Metadata, and then provide it to your IdP. Your IdP needs this SAML metadata to be able to complete the SSO handshake with Okyo Garde.
Provide your Okyo Authentication Information to your IdP
Now that you’ve set up SSO on the Okyo side, you can provide your Okyo authentication information back to your IdP. You’ll find this information in the SAML metadata file that you can download from this screen.
- Select Download on the Single Sign-on (SSO) Configurations panel to download your SAML Metadata. Your IdP needs two pieces of information from this SAML metadata to be able to complete the SSO handshake with Okyo.
- Open the SAML Metadata file you just downloaded and find (CTRL + F) both the entityID= and the Location=. Record the information highlighted in yellow in your file. We’ll use it in the next step.
- Go back to the Configure SAML tab in your Okta Developer Console and:
  - Replace your placeholder entry with the SSO URL you found in the SAML Metadata file next to “Location=”.
  - Replace your placeholder entry with the URI you found in the SAML Metadata file next to “entityID=”.
  - Click Next, and then click Finish.
Assign Users to your Application
For SSO authentication to work properly for your users, you’ll need to associate them with your IdP. Do this by assigning them to your application.
- Go to your Okta app in the Okta Admin Console. Select the Assignments tab and Assign to People or Groups.
- Select Assign next to the user that you want to assign. Note: If this is a new account, the only option available is to choose yourself (the administrator) as the user. Optionally, for User Name, enter a user name or leave it as the user's email address.
- Select Save and Go Back to complete the assignment, and then select Done.
- Repeat the above steps to assign the application to more users as necessary.