You’ll need to configure SSO (single sign-on)
so that employees you assign device subscriptions to can log into
the mobile app using their corporate credentials. For this setup,
we’ll be using Okta as our SAML 2.0 identity
provider (IdP). The steps on the IdP side will vary.
tab, choose the appropriate options for your organization, and then click Finish.
Click the View Setup Instructions button.
You now have your IdP’s authentication information. Record the content of the Identity Provider Single Sign-On URL, Identity Provider Issuer, and the X.509 Certificate fields. We’ll use this information in the next section.
Add your IdP Authentication Information to Okyo
Now that you have your IdP’s authentication
information, add it to your Okyo Garde Single Sign-On Settings.
Select Okyo Garde Single Sign-On Settings from the sidebar.
Go to the Single Sign-on (SSO) Configurations panel and select .
Fill in these SSO fields, and then select Save.
Field: Description
Identity Provider (IdP) Issuer URI: The URI that identifies the identity provider issuing a SAML request. This URI is specific to your identity provider. Copy and paste the Identity Provider Issuer from your IdP here.
IdP SSO URL: The URL that Okyo can access to get SSO configuration information from your identity provider. This URL is specific to your identity provider. Copy and paste the Single Sign-On URL from your IdP here.
Certificate Signing Algorithm: The hash algorithm used to sign the SAML certificate. Choose either SHA-1 or SHA-256.
IdP Signature Certificate: The PEM or DER encoded public key certificate of the identity provider used to verify SAML messages and assertion signatures. Copy and paste the Certificate from your IdP here.
Select Download on the Single Sign-on (SSO) Configurations panel to download your SAML Metadata, and then provide it to your IdP. Your IdP needs this SAML metadata to be able to complete the SSO handshake with Okyo Garde.
Provide your Okyo Authentication Information to your IdP
Now that you’ve set up SSO on the Okyo side,
you can provide your Okyo authentication information back to your
IdP. You’ll find this information in the SAML metadata file that
you can download from this screen.
Select Download on the Single Sign-on (SSO) Configurations panel to download your SAML Metadata. Your IdP needs two pieces of information from this SAML metadata to be able to complete the SSO handshake with Okyo.
Open the SAML Metadata file you just downloaded and find (CTRL + F) both entityID= and Location=.
Record the information highlighted in yellow in your file. We’ll use it in the next step.
Go back to the Configure SAML tab in your Okta Developer Console from step 2 and:
Replace your placeholder entry with the SSO URL you found in the SAML Metadata file next to “entityID=”.
Replace your placeholder entry with the URI you found in the SAML Metadata file next to “Location=”.
Click Next, and then click Finish.
Assign Users to your Application
For SSO authentication to work properly for
your users, you’ll need to associate them with your IdP. Do this
by assigning them to your application.
Go to your Okta app in the Okta Admin Console.
Select the Assignments tab and Assign to People or Groups.
Select Assign next to the user that you want to assign. Note: If this is a new account, the only option available is to choose yourself (the administrator) as the user.
Optionally, for User Name, enter a user name or leave it
as the user's email address.
Select Save and Go Back to complete the assignment, and then select Done.
Repeat the above steps to assign the application to more
users as necessary.