How to Configure SAML 2.0 for Nimeyo qPod

Contents

• Supported Features
• Configuration Steps
• Notes

---

Supported Features

The Okta/Nimeyo SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

---

Configuration Steps

1. Log into Nimeyo qPod as an administrator.
2. Navigate to the Administration Center, then select the Admin tab:
   

   

3. Select the Plugins tab, then scroll down and select options:

   

4. Scroll down to the Okta Settings, and do the following (screen shot at end of step for reference):
   
   • Check the Enable Okta box.
   • Okta App ID: Copy and paste the following into this field:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Okta App Secret: Copy and paste the following IDP Metadata into this field:

     Sign into the Okta Admin Dashboard to generate this variable.

   • Scroll down and click Save Changes.

   

   
   

   

5. In order to send Okta Groups as part of the SAML assertion, do the following:
   • In Okta, select the Sign On tab for the Nimeyo qPod app, then click Edit.

   • Select your preferred groups filter from the dropdown list.

     The Regex rule with the value ".*" in order to send *all* Okta groups to the Nimeyo qPod instance we used in our example shown below.

   • Click Save.

   

6. Done!

---

Notes

• Make sure that you entered the correct value in the subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Nimeyo.




• The following SAML attributes are supported:

  Okta sends the following default attributes as part of the SAML assertion:

  Name	Value
  userName	user.userName
  email	user.userName
  firstName	user.firstName
  lastName	user.lastName
  groups	This will be configured in the app UI; see groups attribute instructions above.

  In addition to the default attributes, Okta supports the following custom attributes:

  Name	Value
  title	appuser.title
  displayName	appuser.displayName
  city	appuser.city
  state	appuser.state
  countryCode	appuser.countryCode
  organization	appuser.organization
  division	appuser.division
  department	appuser.department

Here is an example describing how to add and use the additional organization attribute:

1. In Okta, navigate to Directory > Profile Editor.

2. Search for the Nimeyo qPod app, then click Profile:



3. Click Add Attribute, then enter the following:

   1. Display Name: Enter a preferred attribute name. In our example, we used Organization.

   2. Variable Name: organization.

      Important: In our example we are adding the organization attribute. You must use the following variables names for the custom attributes: title, displayName, city, state, countryCode, organization, division, department.

   3. Click either Add Attribute or Save, and Add Another.

   Note: Scope (optional): If you check User personal, it means that the current attribute will be available once you assign the user to the Nimeyo qPod application and will not be available once you assign the group to the app.

   

4. Click Map Attributes:

   

5. Select the Okta to Nimeyo qPod tab.

6. Start typing the required attribute from the Okta Base User profile (or use the drop down list) and select the attributes you want to map.

7. In our example, we have selected the Organization< attribute, then use the green arrows (Apply mapping on user create and update).

8. Click Save Mappings:



9. Click Apply Updates Now:



10. Okta will now pass the company attribute with the value of the Organization field from the Okta Base User Profile.

SP-initiated SSO

1. Go to your login URL.

2. Scroll down to the Login through an external provider section.

3. Select Login using Okta: