Okta

How to Configure SAML 2.0 for Sage Live

  1. Log in to Sage Live with your administrator username and password token.

  2. Navigate to Setup > Security Controls > Single Sign-On Settings.

  3. Select Edit.

  4. Check the SAML Enabled box, then click Save.

  5. Select New.

  6. Enter the following values in the corresponding fields (see the screenshot at the end of this step for reference):

    • Issuer: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Identity Provider Certificate: First download this certificate:

      Sign into the Okta Admin Dashboard to generate this variable.

      Then select Choose File, and select the file you just downloaded.

    • Request Signing Certificate: Select Default Certificate.

    • Request Signature Method: Select RSA-SHA256.

    • Assertion Decryption Certificate: Select Assertion not encrypted.

    • SAML Identity Type: Select Assertion contains User's salesforce.com username.

    • SAML Identity Location: Select Identity is in the NameIdentifier element of the Subject statement.

    • Service Provider Initiated Request Binding: Select HTTP POST.

    • Identity Provider Login URL: Copy and paste the following.

      Sign into the Okta Admin Dashboard to generate this variable.
    • Identity Provider Logout URL: Copy and paste the following.

      Sign into the Okta Admin Dashboard to generate this variable.
    • Entity ID:

      If you are using your custom domain for your Entity ID in Salesforce, enter your Entity ID; otherwise, enter the default, https://saml.salesforce.com.

    • Click Save:

    [Screenshot: sagelive4.png]

  7. Make a copy of the Salesforce Login URL from the SAML Single Sign-On Setting Detail.

  8. In Okta, select the General tab for the Sage Live app, then click Edit and enter the following:

    • Paste the Salesforce Login URL value you just copied into the ACS URL field.

    • In the Entity ID field: if you are using your custom domain for your Entity ID in Salesforce, enter your Entity ID; otherwise, enter the default, https://saml.salesforce.com.

    • Click Save.

  9. In Salesforce, navigate to Setup > Domain Management > Domains, then select your domains.

  10. On the Login Page Settings section, select Edit.

  11. Select the Okta checkbox, then click Save.

  12. Done!
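
Added example (not part of Okta's or Sage's instructions): a Python check that compares a decoded SAML response from a test login against the Issuer, ACS URL, Entity ID, NameID location and unencrypted-assertion settings entered in steps 6 and 8. The issuer, ACS URL and sample response are constructed placeholders, and the function name check_response is hypothetical; the check compares values only and does not verify the signature.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed placeholders; substitute the values from your own Okta and Salesforce orgs.
EXPECTED = {"issuer": "http://www.okta.com/EXAMPLE_ISSUER",                 # step 6, Issuer
            "acs_url": "https://example.my.salesforce.com?so=EXAMPLE_ORG",  # step 8, ACS URL
            "entity_id": "https://saml.salesforce.com"}                     # steps 6 and 8

# Constructed sample response, already base64-decoded; the signature is omitted on purpose.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://example.my.salesforce.com?so=EXAMPLE_ORG">
 <a:Assertion>
  <a:Issuer>http://www.okta.com/EXAMPLE_ISSUER</a:Issuer>
  <a:Subject>
   <a:NameID>user@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData
     Recipient="https://example.my.salesforce.com?so=EXAMPLE_ORG"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://saml.salesforce.com</a:Audience></a:AudienceRestriction></a:Conditions>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, expected):
    """Return mismatches between a decoded SAML response and the configured values."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        # Step 6 selects "Assertion not encrypted", so a plain Assertion must be present.
        kind = "encrypted" if root.find("a:EncryptedAssertion", NS) is not None else "missing"
        return [f"assertion is {kind}; Salesforce is set to expect an unencrypted one"]
    def text(path):
        node = assertion.find(path, NS)
        return (node.text or "").strip() if node is not None else None
    conf = assertion.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    found = {"issuer": text("a:Issuer"),
             "acs_url": conf.get("Recipient") if conf is not None else None,
             "entity_id": text("a:Conditions/a:AudienceRestriction/a:Audience")}
    problems = [f"{key}: expected {want!r}, got {found[key]!r}"
                for key, want in expected.items() if found[key] != want]
    if root.get("Destination") not in (None, expected["acs_url"]):
        problems.append(f"Destination {root.get('Destination')!r} is not the ACS URL")
    if not text("a:Subject/a:NameID"):
        # Step 6 puts the identity in the NameIdentifier element of the Subject.
        problems.append("no NameID in Subject, so there is no username to match")
    return problems
```

With the HTTP POST binding, the response arrives as the base64-encoded SAMLResponse form field; decode it before passing it to check_response.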


Notes:

SP-initiated flows and IDP-initiated flows are supported.

Just In Time (JIT) provisioning is not supported.


For SP-initiated flows

  1. Open your Salesforce login page.

  2. Click Okta.
