Okta

How to Configure SAML 2.0 for IntelligenceBank


Supported Features

The Okta/IntelligenceBank SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Sign in to your IntelligenceBank instance as an administrator.

  2. Select the AUTHENTICATOR tab, then click Add New.

  3. Enter the following:

    • Name and Host: Copy and paste the following into both of these fields:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • Disabled: When you are ready to turn the Authenticator on, update this to Disabled: Off. All users will be enabled as SSO Users by default.

      Note: To disable SSO authentication for select users, go to their user profile under Admin > Users, and enable the IntelligenceBank Login option.

    • Type: Select SAML.

    • RemoteURL: Copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • [OPTIONAL: GROUPS] Group Value(s) Mapping: Check this if you want to pass Okta groups as part of the SAML response. See step 7 to configure the groups attribute in Okta.

      • Select values for the Only Map Group Value(s) on User Auto-Creation and Group Value(s) Mapping Type options.

    • ServiceProvider: Enter a custom name value for this integration, for example: IntelligenceBank.

    • CertData: Copy and paste the following:

      Sign in to the Okta Admin Dashboard to generate this variable.

    • OPTIONAL: You can enter your Organization name into the OrganizationName and OrganizationDisplayName fields.

    • SignAuthnrequest: Check this box.

    • OPTIONAL: Enter a logout action destination URL into the SingleLogoutService field, for example: https://ssodemo.intelligencebank.com/logout.

    • Click SAVE.

  4. In Okta, select the Sign On tab for the IntelligenceBank app, then click Edit.

    • [OPTIONAL: GROUPS] Select your preferred groups filter from the dropdown list.

      In our example, we used the Regex rule with the value .* in order to send all Okta groups to the IntelligenceBank instance.

    • Scroll down to the ADVANCED SIGN-ON SETTINGS section.

    • Enter your Base URL value. For example, if you log into https://acme.intelligencebank.com/, enter: https://acme.intelligencebank.com

    • Service provider: Enter the value from step 3.

    • Application username format: select Email.

    • Click Save.

  5. Done!
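
The groups filter in step 4 decides which Okta group names are released to IntelligenceBank in the SAML response. The following Python sketch is an added example, not part of Okta's or IntelligenceBank's documentation; it previews what the .* rule releases compared with a narrower rule. The group names and the IB- prefix are constructed, and whole-name matching with Python's regex dialect is an assumption standing in for Okta's filter.

```python
import re

# Constructed sample of Okta group names (not from any real tenant).
SAMPLE_GROUPS = [
    "Everyone",
    "IB-Admins",
    "IB-Marketing",
    "IB-Brand-Reviewers",
    "Finance-Payroll",
    "AWS-Prod-Admins",
]


def released_groups(pattern, groups):
    """Return the group names a regex filter would place in the SAML response.

    Assumption: the filter has to match the whole group name, so
    re.fullmatch is used. Python's regex dialect stands in for Okta's.
    """
    try:
        compiled = re.compile(pattern)
    except re.error as exc:
        # A filter that does not compile is reported instead of silently
        # releasing nothing or everything.
        raise ValueError(f"invalid groups filter {pattern!r}: {exc}") from exc
    return [g for g in groups if compiled.fullmatch(g)]


def compare_filters(broad, scoped, groups):
    """Summarise what a scoped filter withholds compared with a broad one."""
    broad_list = released_groups(broad, groups)
    scoped_list = released_groups(scoped, groups)
    return {
        "broad": broad_list,
        "scoped": scoped_list,
        "withheld_by_scoped": [g for g in broad_list if g not in scoped_list],
    }


if __name__ == "__main__":
    # ".*" is the rule from step 4; "IB-.*" is a hypothetical scoped rule.
    report = compare_filters(r".*", r"IB-.*", SAMPLE_GROUPS)
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '(none)'}")
```

Group names that appear only under withheld_by_scoped are ones the .* rule would disclose to the service provider even though no IntelligenceBank mapping uses them.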


Notes

The following SAML attributes are supported:


SP-initiated SSO

  1. Go to the IntelligenceBank login URL.

  2. Click the Login here link for Single Sign On Users.