Okta

How to Configure SAML 2.0 for Hightower


Supported Features

The Okta/Hightower SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Contact Hightower Support and request that they enable SAML for your app.

  2. Provide the following information:

    • X.509 Certificate. Either:

      • Download then attach the X.509 Certificate in .cert format:

        Sign in to the Okta Admin Dashboard to generate this variable.

      • Cut and paste the X.509 Certificate in text format:

        Sign in to the Okta Admin Dashboard to generate this variable.

    • Login URL/SignOn URL:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • IDP Issuer/Entity ID:

      Sign in to the Okta Admin Dashboard to generate this variable.

  3. Hightower will process your request and provide you with the ACS URL and Audience Restriction values.

  4. In Okta, select the Sign On tab for the Hightower app, then click Edit.

    • Scroll down to the ADVANCED SIGN-ON SETTINGS section.

    • Enter the ACS URL and Audience Restriction values from step 3 into the corresponding fields.

    • Click Save.

  5. Done!

Notes

The following SAML attributes are supported:


SP-initiated SSO

Go to: https://app.gethightower.com/users/sign_in.