Search here...
< All Topics
Print

Prolaborate and OKTA SAML Integration

Prerequisites 

Your Prolaborate site should have a valid SSL Certificate. 

You can create a self-signed certificate yourself if you don’t have an SSL certificate. Please contact the Prolaborate team to learn more. 

Service Provider Configuration 

To configure the Service Provider, click on Menu > SAML Settings

From the top of the page that opens, click on Enable SSO. 

Name Name will be prefilled
Assertion Consumer URL Assertion Consumer URL will be Prefilled
Certificate File Choose the .pfx file of your SSL certificate
Certificate Password Enter the Password of the .pfx file

Configuring Prolaborate in Okta 

The following sections will elaborate on the steps involved in setting up Prolaborate in Okta.

Create a new SAML Application

To create a SAML application, follow the below steps:
Log in to your Okta account as a user with administrative privileges. Click on the Admin button. 

 Click on the Applications tab. 

Click on Create App Integration button 

Select the Sign-in method as SAML 2.0 and click on the Next button. 

General Settings 

Fill the fields in General settings as per the instructions below and click on Next. 

App name   Enter your Application Name (say Prolaborate). 
App logo (Optional)  Review the tooltips for details about the type of image you can use for your logo. 
App visibility  You can leave these options unchecked. 

Configure SAML 

Fill the details in Section A – SAML Settings as per the instructions below.
 

Single sign on URL   Fields from Prolaborate Service Provider configuration as stated above (In section Service provider Configuration). 
Audience URI (SP Entity ID)   Fields from Prolaborate Service Provider configuration as stated above (In section Service provider Configuration). 
Use this for Recipient URL and Destination URL  Select this box as the recipient and destination URL to be the same. 

Click on Show Advanced Settings

  1. Check the Enable Single Logout to allow the application to initiate single logout. 
Single Logout URL    Get Name fields from Prolaborate Service Provider configuration as stated above (In section Service provider Configuration). 
For example, https://localhost/saml/sls 
SP Issuer   Enter the URL from the Service Provider Name field from Prolaborate 
Signature Certificate   Browse SSL certificate (.cer  file) of Prolaborate instance and click on Upload Certificate  
Attributes names  Values
First name user.firstName 
Last Name  user.lastName 
Email  user.email 
Group  Usergroup 

You need not change any other settings as Section B is not needed for Prolaborate. You can just click on Next

Feedback tab 

  1. In the Feedback tab, select I’m an Okta customer adding an internal appand This is an internal app that we have created, and Click Finish 

Assign Users 

In this section, we will assign the Okta users to the Prolaborate application. Click on the Assignments tab. 

Click on Assign on the users to whom you want to give access to Prolaborate on Assign Prolaborate to People page. 

The users whom we have selected will now show up in the Assignment tab 

Assign Groups 

In this section, we will assign the Okta Groups to the Prolaborate application.  

Click on the Assignments tab. Click on the Assign drop-down menu and Select ‘Assign Groups.’ 

A popup, along with a list of groups, will be shown. Select the appropriate groups from that list that you want the group to assign to the application.   

Click on Assign and confirm the action by clicking Save, which will assign the group to the application.   

The Okta group will now be shown in the application. Now, the members of this group will be able to access the Prolaborate application.   

Sign On Tab 

In this section, we will configure the Identity provider to your Prolaborate. Click on the Sign On tab 

  1. Click on View SAML Setup Instructions

Identity Provider Configuration details will be shown in a new tab 

Identity Provider Single Sign-On URL  Should be used as Sign In URL field in Prolaborate Identity Provider configuration 
Identity Provider Single Logout URL    Used as Sign Out URL field in Prolaborate Identity Provider configuration. 
Identity Provider Issuer    Used as Name field in Prolaborate Identity Provider configuration respectively.  
Click on Download Certificate to download the .cer file and it is used as the Certificate field in the Prolaborate Identity Provider configuration respectively. 

Identity Provider Configuration 

Go back to Prolaborate, and click on Menu → SAML Settings to configure the Identity Provider. 

The configuration in Prolaborate can be done in two methods: 

Manual Configuration

By default, users can enter the required details to configure manually. 

Fill the Identity Provider Configuration as per the instructions below: 

Name  Description 
Name Fill using Identity Provider Issuer URL availed from Okta configuration (Refer to the section Sign On Tab). 
Sign In URL Fill using Identity Provider Single Sign-On URL availed from Okta configuration (Refer to the section Sign On Tab). 
Sign Out URL Fill using Identity Provider Single Logout URL availed from Okta configuration (Refer to the section Sign On Tab). 
Certificate Choose the .cer Certificate file from Okta Configuration (Refer to the section Sign On Tab). 

Upload Metadata file 

To make IDP configuration more feasible and reduce human error and time, Prolaborate has introduced an option to upload the metadata file directly for IDP configuration from version 5.4. 

It will fill the Name, Sign In URL, Sign Out URL and the certificate automatically. 

Steps to Configure IDP Using Metadata File: 

  1. Go to the Okta Sign On page in your Okta admin portal and download the metadata file from this page. 
  2. Navigate to Prolaborate and choose the Metadata file option. 
  3. A pop-up will appear. Choose the metadata file you previously downloaded from Okta and click on Upload. 
  4. It will fill the Name, Sign In URL, Sign Out URL and the certificate automatically. 

Attribute Mappings 

Change the Attribute mapping into the Custom Mode and fill the following values in the respective fields. 

Attributes Mappings  Values
First Name  Firstname 
Last Name  Lastname 
Email  Email 
Note: Based on the claims, which is configured in SAML Application. Please choose the Email type. 
Group  Usergroup 

Configure Access Permissions 

Apply single access permission for all SSO users 

To apply a single access permission for all SSO users logging in to Prolaborate, select an Access Control Profile. 

When a user logs in, the access permission will be applied based on the selected access control profile. 

For detailed steps on how to create an Access Control Profile. Click here 

SAML Group-Based Restrictions 

SAML Group-Based Restrictions allow administrators to control user access by linking specific SAML groups to defined access control profiles. This ensures that users are granted permissions based on their group membership. 

  1. Enable SAML Group-Based Restrictions using the toggle. 
  1. Choose the required access control profile 
  1. Enter the OKTA group name from the OKTA admin portal 
  1. Click on the add button and repeat the steps if you wish you configure different access permissions for different SAML groups. 

Log in with Okta Credentials 

Once the configuration is done, users will start to see a new button on the login page called Login with SSO

When they click on Login with SSO

They will be redirected to an URL as per configuration. They can then give their OKTA credentials to login to Prolaborate. 

You will be redirected to Prolaborate successfully if the configuration is done right as said in the document. 

Note the Repositories you see will be based on Default Access Control Profile 

If you are experiencing challenges signing in using SSO, go to SAML Assertion Validation debug the SAML configurations. 

Logging out from Prolaborate 

When a user initiates a logout, the user will be logged out from all applications in the current Identity provider login session. 

sparxsystems-logo-inverted

Start Here
© Copyright 2025 | All Rights Reserved
Book a Demo