Okta

How to Configure SAML 2.0 for OutSystems v.599

Contents

Supported Features

The Okta/OutSystems v.599 SAML integration currently supports the following features:

Configuration Steps

  1. Login to OutSystems (https://www.outsystems.com/home/login.aspx).

  2. Navigate to Downloads, then download and install the OutSystems Development Environment:

    outsystems_1.png

  3. Open your OutSystems Development Environment and click Install Application:

    outsystems_2.png

  4. Locate IdP, then install the IdP Connector:

    outsystems_3.png

  5. Click IdP, then click OPEN IN BROWSER:

    outsystems_4.png

  6. Select Configuration (type your username/password and click Login), then follow the steps below:

    • Copy and save the following metadata file, then click Import from IdP/federation metadata xml and locate and upload it to OutSystems:

      Sign into the Okta Admin dashboard to generate this value.

    • Click Save.

    outsystems_5.png

  7. Navigate to the SP Connector settings and Claims tab, then follow the steps below (see screen shot at end of step for reference):

    • SP Issuer/Entity ID: Enter: https://[your-subdomain].outsystemscloud.com/IdP/SSO.aspx.

    • IdPConnector (SP) Keystore: Click Auto generate KeyStore.

    • For the Claims section:

      • Given Name Attribute: Enter firstName.

      • Surname Attribute: Enter lastName.

      • Email Attribute: Enter email.

      • Group: Enter group.

      • Click Save.

    outsystems_6.png

  8. In Okta, select the General tab for the OutSystems v599 SAML app, then click Edit.

    • Enter your Base URL into the corresponding field.

    • Click Save.

    outsystems_7.png

  9. Go back to your OutSystems Development Environment (that you installed in step 2) from the IdP Connector page select the IdP SAML Connector module:

    outsystems_8.png

  10. From Interface navigate to CommonFlow > NoPermission, then double-click Preparation.

    outsystems_9.png

  11. Follow the steps below to update the current flow:

    • Add If element with the label Site.IDP_SSO_IsActive? and set the Condition to True:

      outsystems_10.png

    • Add the element IdP_SSO_URL from the Logic tab.

    • Copy and paste the CommonFlow\ExternalURL element and set the URL to IdP_SSO_URL.URL.

    • Click the green button above:

      • outsystems_11.png

  12. Once the deploying process is finished you can test the SSO.

    Click on the blue button above, then on the web page select the Configuration tab OR go directly to https://[your-subdomain].outsystemscloud.com/IdP/Configuration.aspx.

    outsystems_12.png

  13. In the OutSystems Development Environment, add the desired application.

    Note: If you require a tutorial, you can click help and select Build a Mobile App in 5 min or Build a Web App in 5 min.

    outsystems_13.png

  14. To enable SSO for the application installed in step 13 above, in your OutSystems Development Environment, select the App module from the App page:

    outsystems_14.png

  15. From Interface, navigate to CommonFlow > NoPermission, then double-click Preparation. Then repeat step 12 for your application flow.

    outsystems_15.png

  16. Once the deployment process is finished, you can test the SSO. Click on the blue button above OR go directly to https://[your-subdomain].outsystemscloud.com/[your-app-name].

  17. Optional: Group attribute steps:

    • To send groups as a part of SAML assertion, in Okta select the Sign On tab for the OutSystems app, then click Edit.

    • Select the appropriate group filter from the drop-down menu, then type the preferred value into the field.

    • Click Save.

    outsystems_16.png

  18. Done!

Notes

The following SAML attributes are supported:

SP-initiated SSO

Go to: Go to https://[your-subdomain].outsystemscloud.com/[your-app-name].