How to Configure SAML 2.0 for Ekarda

Contents

• Supported Features
• Configuration Steps
• Notes
• Custom Attributes

---

Supported Features

The Okta/Ekarda SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

---

Configuration Steps

1. Login to Ekarda as an administrator.

2. Navigate to Admin > My Account.

   

3. Scroll down to the SAML SETTINGS section, and enter the following (see screen shot at end of step for reference):

   1. Make a copy of the Company ID value.

   2. Select Enable SAML.

   3. IDP Entity ID: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

   4. IDP Login URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

   5. IDP x509 Certificate: Enter the following:

      Sign into the Okta Admin Dashboard to generate this variable.

   6. Configure the ATTRIBUTE section as follows:

      • Email: Enter email.

      • Username: Enter username.

      • First Name: Enter FirstName.

      • Last Name: Enter LastName.

   7. OPTIONAL: Select CompanyId for JIT if you want to only provision new accounts for a subset of your employees. You should configure the CompanyId attribute in Ekarda app for those employees. Refer to the Custom Attributes section below.

   8. Click Update at the bottom of the page.

   

4. In Okta, select the Sign On tab for the Ekarda app, then click Edit.

   • Enter the Company ID value you made a copy of in step 3a into the corresponding field.

   • Click Save.

   

5. Done!

---

Notes

The following SAML attributes are supported:

Name	Value
FirstName	user.firstName
LastName	user.lastName
email	user.userName
username	user.userName
CompanyID	appuser.companyID

SP-initiated SSO

1. Go to the https://my.ekarda.com/users/login/[YourCompanyID] page.

2. Click the Login With OKTA button.

   

---

Custom Attributes

OPTIONAL

By default Okta only sends 4 saml attributes in the SAML assertion: FirstName, LastName, email, and username.

To send custom attribute companyID, follow the steps below:

1. In Okta, from the Admin dashboard, navigate to Directory > Profile Editor:

   

2. Search for your Ekarda app, then click the Profile edit button:

   

3. Click Add Attribute, then enter the following information:

   • Display Name: Enter companyID.

   • Variable name: Enter companyID.

   • Click Save.

   

4. Scope: If you do not check User personal, the current attribute will be available both once you assign a single user to the Ekarda app and once you assign a group to the Ekarda app. For example:

   

5. Now when you assign users to the Ekarda SAML app, you can specify the attribute companyID:

   

6. Done!