The Okta/Bright Funds SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
1. Log in to your Bright Funds instance as an administrator.
2. Navigate to Settings > Log In settings.
3. In the Email section, click Manage.
4. Check Allow people to log in via email and password.
   Important: Do not uncheck this box until the SAML configuration has been tested successfully.
5. Click Save.
6. In the Single Sign-on section, click Manage.
7. In the Single Sign-on section, check Enable Single Sign-On.
8. In the Configuration settings section, enter the following:
   - Sign-On URL: Copy and paste the following:
     Sign into the Okta Admin Dashboard to generate this variable.
   - Check Auto Provision Users in order to enable Just In Time Provisioning.
   - Name ID Format: Select Email.
9. Save the Base URL from the Bright Funds Entity Id value.
   For example, if your Bright Funds Entity Id value is https://acme.brightfunds.org/auth/saml/consume, your Base URL value is https://acme.brightfunds.org.
10. In the Certificates section, enter the following:
    - Certificate Name: Enter Okta.
    - Certificate: Copy and paste the following:
      Sign into the Okta Admin Dashboard to generate this variable.
    - Check Active.
    - Click Add new certificate.
11. Click Save.
12. In Okta, select the Sign On tab for the Bright Funds app.
13. Scroll down to the ADVANCED SIGN-ON SETTINGS section.
14. Enter the Base URL value from step 9 into the corresponding field.
15. Click Save.
16. Done!
The following SAML attributes are supported:
Name | Value |
---|---|
firstName | user.firstName |
lastName | user.lastName |
Open your Bright Funds login URL.
Under the Log in with single sign-on option, click Continue.