Search here...
< All Topics
Print

Setting up a SAML Application in OKTA

Prerequisites

Your Prolaborate site should have a valid SSL Certificate.

If you don’t have a SSL Certificate, you can create a self-signed certificate yourself. Please get in touch with Prolaborate team to know more about it.

Service Provider Configuration

To configure the Service Provider, click on Menu → SAML Settings .

From the top right of the page that opens, click on Enable SSO.

Under Service Provider Configuration,

  1. Name and Assertion Consumer URL will be prefilled. These URLs will be used as ‘Single sign on URL’ and ‘Audience URI (SP Entity ID)’ in Okta configuration respectively.
  2. Choose the .pfx file of your SSL certificate
  3. Enter the Password of the .pfx file

Configuring Prolaborate in Okta

The following sections will elaborate the steps involved in setting up Prolaborate in Okta.

Create a new SAML Application

To create a SAML application, follow the below steps:

  1. Log in to your Okta account as an user with administrative privileges. Click on Admin button.

3.Click on Add Application button

4. Click on Create New App

5. Select the Platform as Web and Sign on method as SAML 2.0 and click on Create button.

General settings

In step 1, fill General settings as per instructions below and Click on Next.

  1. App name – Enter your Application Name (say Prolaborate).
  2. App logo (Optional) – Review the tool tips for details about the type of image you can use for your logo.
  3. App visibility – You can leave these options as unchecked. 

Configure SAML

  1. In step 2, fill Section A – SAML Settings as per instructions below. 
  1. Fill ‘Single sign on URL’ and ‘Audience URI (SP Entity ID)’ fields from Prolaborate Service Provider configuration as stated above (In section Service provider Configuration).
  2. Use this for Recipient URL and Destination URL – Select this box as recipient and destination URL to be same.
  3. Click on Show Advanced Settings

4. Check the Enable Single Logout to allow the application to initiate single logout.

5. Single Logout URL: Get Name from Service provider Configuration of Prolaborate and append it with /SAML/SLOService.aspx. to get the Logout URL. For example, https://localhost/SAML/SLOService.aspx

6. SP Issuer: Enter the URL from Service Provider Name field from Prolaborate

7. Signature Certificate: Browse SSL certificate (.cer file) of Prolaborate instance and click on Upload Certificate

8. Attribute Statements should be configured as below:

Attribute Name Value
Firstname user.firstName
Lastname user.lastName
Email user.email

9. You need not change any other settings

2. Section B is not needed for Prolaborate. You can just click on Next

Feedback tab

  1. In Step 3, select I’m an Okta customer adding an internal app and This is an internal app that we have created and Click Finish 

Assign Users

In this section, we will assign the Okta users to Prolaborate application. Click on Assignments tab.

  1. Click Assign button to select Assign to People

2. Click on Assign on the users to whom you want to give access to Prolaborate in Assign Prolaborate to People page. 

3. Username will be shown and Click on Save and Go Back. You can repeat #2 and #3 to add as multiple users.

4. The users whom we have selected will now show up in Assignment tab. 

Sign On Tab

In this section, we will configure the Identity provider to your Prolaborate. Click on Sign On tab

  1. Click on View Setup Instructions

2. Identity Provider Configuration details will be shown in a new tab. 

  1. Identity Provider Single Sign-On URL should be used as Sign In URL field in Prolaborate Identity Provider configuration
  2. Identity Provider Single Logout URL used as Sign Out URL field in Prolaborate Identity Provider configuration.
  3. Identity Provider Issuer used as Name field in Prolaborate Identity Provider configuration respectively.
  4. Click on Download Certificate to download the .cer file and it is used as Certificate field in Prolaborate Identity Provider configuration respectively.

Identity Provider Configuration

Go back to Prolaborate, click on Menu → SAML Settings .

Fill the Identity Provider Configuration as per the instructions below:

  1. Select your Identity Provider as Others .
  2. Fill Name using Identity Provider Issuer URL availed from from Okta configuration (Refer to the section Sign On Tab).
  3. Fill Sign In URL using Identity Provider Single Sign-On URL availed from from Okta configuration (Refer to the section Sign On Tab).
  4. Fill Sign Out URL using Identity Provider Single Logout URL availed from from Okta configuration (Refer to the section Sign On Tab).
  5. Choose the .cer Certificate file from Okta Configuration (Refer to the section Sign On Tab).

Default Access Control Profile

Click on Manage Profiles to create a new profile.

Click on Create Profile.

Give a Name to the Profile and configure permissions.

This is the permission that will be provided to all the users logging into Prolaborate using their SSO credentials.

You can choose any one of the following options:

  1. Give access to all repositories – Any user logging with their SSO credentials will be given access to all repositories
  2. Specify access – Any user logging with their SSO credentials will be added to the user groups you have specified after selecting the repositories

Click Save.

Now, go back to SAML Settings page.

Select the newly created profile and click Save.

Log in with Okta Credentials

Once the configuration is done, your users will start to see a new button on the login page called Login with SSO .

When they click on Login with SSO,

They will be redirected to an URL as per configuration. They can then give their OKTA credentials to login to Prolaborate.

You will be redirected to Prolaborate successfully if the configuration is done right as said in the document.

Note the Repositories you see will be based on Default Access Control Profile

Please check the configuration if you are not logged in to Prolaborate.

Logging out from Prolaborate

When a user initiates a logout, the user will be logged out from all applications in the current Identity provider login session.

sparxsystems-logo-inverted

Start Here
Book a Demo