Single Sign-On for Okta

Support
1

How to Set Up Single Sign-On For Okta

Creating the App in Okta

  1. Log in to your Okta account.

  2. In the sidebar click to expand the Applications menu > click Application.

  3. Click Create App Integration.
     

    Applications
    Applications710×352 39.7 KB

     

  4. In the popup box, select SAML 2.0 > Next.
     

    Create App Integration|
    Create App Integration|936×504 67.7 KB

     
    Note: Okta includes a preconfigured Bluescape enterprise application in their Applications list. It would help if you did not use it as it is not configured correctly for the current release.
     

  5. On the Create SAML Integration screen, enter the app name and click Next.
     

    Create SAML Integration
    Create SAML Integration780×450 30.9 KB

     

  6. The SAML settings screen opens. Complete the following substeps:
     
    a. Enter the following in the Single sign-on URL field:

    https://identity-api.<domain>/api/authenticate/<IdentityProvider.uid>

     
    Note: The final part of the URL–acs_id – is only a placeholder. It updates later with the actual ID of the SAML provider after the provider is added in Bluescape.
     

    b. Enter the following in the Audience URI (SP Entity ID) field.

    https://portal.apps.us.bluescape.com/saml/metadata/customer_saml_provider_name

    Note: The final part of the URL– customer_saml_provider_name – is only a placeholder. It updates later with the actual ID of the SAML provider after the provider is added in Bluescape.

    c. Leave the Default RelayState field blank.

    d. Set the Name ID format field to Email Address.

    e. Set the Application username field to Email.

    f. Leave the Update application username on field unchanged.
     

    SAML Settings
    SAML Settings634×528 52.1 KB

     

  7. Scroll down to the Attribute Statements section and enter the following four attributes to provision users on Bluescape:
     

    Attribute Statements
    Attribute Statements772×302 16.9 KB

     

    Name Name Format Value
    User.FirstName Unspecified user.firstName
    User.LastName Unspecified user.lastName
    User.Email Unspecified user.email
    user_guid Unspecified user.id

    Note on user_guid: If you choose to use a value other than user.id, the value must be unique for each user and unchangeable, even if the user’s email changes.
     

    Attribute Statements (optional)
    Attribute Statements (optional)838×530 42.5 KB

  8. Click Next.

  9. (Optional) In the final section of the screen, provide feedback to Okta.

  10. To complete this stage of the setup, click Finish.
    Grabbing the Metadata URL to Provide Bluescape Support

  11. On the Sign-On screen that opens, scroll down to the SAML Signing Certificates.

  12. Click on Actions for the active certificate to open the actions dropdown.
     

    SAML Signing Certificates Header
    SAML Signing Certificates Header828×114 10.7 KB

    SAML Signing Certificates
    SAML Signing Certificates770×352 26.4 KB

     

  13. Select View ldP metadata.

  14. A new browser tab opens. Copy the URL and provide it to Bluescape Support.
    The link should be similar to the following example:

    https://dev-175540.oktapreview.com/app/exke45jvh82t316wU0h7/sso/saml/metadata

Updating the App Login URL’s in Okta

  1. Bluescape Support creates a new SAML provider and sends you its ID.

  2. At the top of the section, click the General tab.

  3. Scroll down to the SAML Settings field and click Edit.

  4. On the General Settings screen that opens, click Next.

  5. In the Single sign-on URL and Audience URI (SP Entity ID), replace the placeholder value, which is currently ID, with the ID you got from Bluescape Support in Step 15.
     
    Single sign-on URL = ASC URL
    Audience URI (SP Entity ID) = Entity ID URL


Now, go try it in your workspace! :bluescape_home:

2

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.