The Okta/MindTouch SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Contact your MindTouch Account Manager and request they enable SAML 2.0 for your account. For more information see SAML SSO - MindTouch setup.
Include the following information with your request:
Entity ID: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Single sign-on service: Copy and paste the following:
Sign into the Okta Admin Dashboard to generate this variable.
Public X.509 certificate: Download, save, then attach the following:
Sign into the Okta Admin Dashboard to generate this variable.
The MindTouch Professional Services team will process your request and will provide you with the service provider metadata URL.
For example: https://example.com/@app/auth/[integrationid]/metadata.xml).
In the service provider metadata, make a copy of the entityID (this is your Audience Restriction (SP Entity ID)) and AssertionConsumerService (this is your ACS URL) values marked in red, below:
In Okta, select the Sign On tab for the MindTouch app, then click Edit.
Enter the Audience Restriction (SP Entity ID)) and ACS URL you made a copy of in step 4 into the corresponding fields.
Click Save:
Group Attribute Steps (optional): To send Groups as part of SAML Assertion, in Okta, select the Sign On tab for the MindTouch app, then click Edit.
Select the appropriate Group filter from the dropdown menu, then enter a preferred value.
Click Save.
Note: To send all groups a user is assigned to, select Regex and type .* (dot and asterix).
Done!
The following SAML attributes are supported:
| Name | Value |
|---|---|
| DisplayName | user.firstName user.lastName |
| EmailAddress | user.userName |
| FirstName | user.firstName |
| LastName | user.lastName |
| Group | This will be configured in the app UI; see Group attribute instructions (step 6) above. |
For SP-initiated flows go to the MindTouch app base URL.