How to Configure SAML 2.0 for Zudy Vinyl

1. Login to Zudy Vinyl as an Administrator.

2. Navigate to Vinyl Configuration > Security Providers.

3. In the Providers section, click Add.



4. On the new page, in the Provider section, enter the following:

   • Name: Enter Okta.

   • Type: Select SAML.

   • Priority: Enter 10. Note that this value must be a unique integer between 10 and 100.

   • Check User Provisioning to enable Just In Time (JIT) user provisioning.

   • Check Supplies Group Membership to indicate that Okta has been configured to pass user group membership.

   • Click Save.

   

5. In the Properties section, enter the following:

   • Click Add, then select the MetadataEndpoint parameter from the dropdown list.

   • Copy and paste the following Metadata URL.

     Sign in to the Okta Admin app to have this variable generated for you

   • Check the Save icon (check mark).

   

6. Still in the Properties section, enter the following:

   • Click Add, then select the GroupAttribute parameter from the dropdown list.

   • Enter Groups for the value.

   • Check the Save icon (check mark).

   

7. In the Provider section:

   • Click the Edit button

   • Check the Enabled option.

   • Click the Save button.

   

8. Navigate to Vinyl - User Management > Providers.

9. Enter the following:

   • In the Providers panel, select Okta security provider.

   • In the Provider Groups panel, click Add.

   • In the Identifier field, enter a group name (which will be sent from Okta).

   • In the Group field, enter the corresponding Vinyl Group (Administrators in our example).

   • Click Save.

   

10. In Okta, select the General field, tab for the Vinyl app.

    • Click Edit

    • Enter your ACS URL. For example if you log into https://acme.com/ and your provider name is Okta (the Name entered in step 4), you need to enter https://acme.com/signin-Okta.

    • Enter your Audience Restriction. For example if you log into https://acme.com/ just enter https://acme.com/.

    • Click Save.

    

11. In Okta, select the Sign On field, tab for the Vinyl app.

    • Click Edit

    • Select your preferred Group filter from the dropdown list. Use the Regex rule with the value ".*" in order to send *all* groups to the Vinyl instance, as shown in our our example).

    • Click Save.

    

12. Done!

    Notes:

    IdP-initiated flows, SP-initiated flows, and Just In Time (JIT) provisioning are all supported.
    
    

    For SP-initiated Flows:

    1. Open the Vinyl login page

    2. Click Sign in with Okta.