Okta

How to Configure SAML 2.0 for Sage People



Supported Features

The Okta/Sage SAML integration currently supports the following features:


Configuration Steps

  1. Log in to your Sage administrator account using the same administrator username and password that you use for Provisioning in Okta.

  2. In the upper right, select your login, then select Setup from the dropdown menu.

  3. On the Setup page, select Security Controls > Single Sign-On Settings from the left navigation pane.

  4. On the Single Sign-On Settings page, make sure the SAML enabled box is checked, then click New.

  5. On the SAML Single Sign-On Settings page, enter the following:

    • If you have multiple end-points enabled, you may need to set up a Name and API Name. Set these values accordingly.

    • Set the SAML Version to 2.0.

    • For Issuer, copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • For Entity ID:

      • If you have a custom Cloudforce domain set up, enter your Cloudforce domain URL, for example https://acme.cloudforce.com.

      • If you do not have a custom domain set up, use https://saml.salesforce.com.

    • For Identity Provider Certificate, download, then upload the following certificate:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • Set the SAML Identity Type to Assertion contains User's salesforce.com username.

    • Set the SAML Identity Location to User ID/identity is in the NameIdentifier element of the Subject statement.

    • For Service Identity Provider Initiated Request Binding, select HTTP POST.

    • For Identity Provider Login URL, copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • For Identity Provider Logout URL, copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

      This URL sends your users to their Okta home page when they log out of Sage.

    • Click Save.

  6. After you click Save, the following page appears. Make note of the Salesforce Login URL.

  7. In Okta, select the Sign On tab for the Sage app, click Edit, then enter the following:

    • Enter the Salesforce Login URL in the Login URL field.

    • If you are using a custom domain, enter that value in the Custom Domain field; otherwise, leave it blank.

    • Click Save.

  8. Done!
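
When a test login fails after step 7, it helps to compare a captured SAMLResponse with the values entered in step 5. The following Python script is an added example, not part of the Okta or Sage documentation: it checks the SAML version, the Issuer, that the Entity ID appears as an Audience, and that the user ID is in the NameID of the Subject. The function name `check_response`, the issuer URL and the username are constructed placeholders, and the script does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (placeholder issuer and username, no real tenant data).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml:Assertion Version="2.0">
    <saml:Issuer>https://idp.example/EXAMPLE_ISSUER</saml:Issuer>
    <saml:Subject><saml:NameID>jane.doe@acme.example</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>https://saml.salesforce.com</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_response(saml_response_b64, expected_issuer, expected_entity_id):
    """Return a list of mismatches between a SAMLResponse and the step 5 settings.

    Troubleshooting aid only: it does not verify the XML signature.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Version") != "2.0":
        problems.append("SAML Version is not 2.0")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion found"]
    # Issuer in the assertion must equal the Issuer field from step 5.
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer mismatch: {issuer!r}")
    # Entity ID from step 5 must appear as an Audience value.
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if expected_entity_id not in audiences:
        problems.append(f"Entity ID not in Audience: {audiences}")
    # SAML Identity Location: user ID is carried in the Subject's NameID.
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        problems.append("no NameID in Subject")
    return problems
```

An empty list means the response agrees with the step 5 settings; each string in a non-empty list names the setting to recheck.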


Notes

SP-initiated SSO

  1. In Sage, select Domain Management > My Domain.

  2. In the Authentication Configuration section, click Edit.

  3. Check the Authentication Service(s) you created, then click Save.
