Okta

How to Configure SAML 2.0 for Litmos (Callidus Cloud)


Read this before you enable SAML

The Litmos integration in the Okta Integration Network (OIN) currently uses the old Litmos SSO URL (samllogin) which utilizes SHA1 algorithm. All customers are expected to use the new Litmos SSO URL (splogin) which uses SHA2 algorithm by September 30, 2018. Okta has added a feature that gives Okta admins the ability to switch to SHA2. We strongly recommend that you switch to SHA2 now.

Contents


Supported Features

The Okta/Litmos SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

A. Litmos App using SHA256 (updated SAML settings)

  1. In Okta, ensure you are on the version of the integration which utilizes SHA256 digest and signature algorithm. To check this:

    1. Navigate to the Litmos integration in your Okta admin console, then select the Single Sign-on tab.

    2. Scroll down the the ADVANCED SIGN-ON SETTINGS section and check the Use SHA256 Signature Algorithm for SAML checkbox.

    litmos_new_a.png

  2. Sign into your Litmos account.

  3. Click on the settings icon on the left side menu, then select Integrations:

    litmos_newb.png

  4. Select SAML 2.0 (Single Sign On):

    litmos_newc.png

  5. In the window that opens, DO NOT click on the Okta and OneLogin users click here link as this will take you to a set-up screen that uses the old Litmos SAML endpoint and SHA1 algorithm.

    Instead, copy and paste the following metadata file in the SAML Metadata field

    Important! Exclude the following first line of the metadata as Litmos gives an error if it is included in the metadata: <?xml version="1.0" encoding="UTF-8"?>.

    SAML Metadata:

    Sign in to Okta Admin app to have this variable generated for you.
  6. Click Save changes:

    litmos_newd.png

  7. Done!


B. Migration Guide for existing customers (switch to SHA2)

Before you Migrate

Migration Steps

  1. In Okta, ensure you are on the version of the integration which utilizes SHA256 digest and signature algorithm. To check this:

    1. Navigate to the Litmos integration in your Okta admin console, then select the Single Sign-on tab.

    2. Scroll down the the ADVANCED SIGN-ON SETTINGS section and check the Use SHA256 Signature Algorithm for SAML checkbox.

    litmos_new_a.png

  2. Sign into your Litmos account.

  3. Click on the settings icon on the left side menu, then select Integrations:

    litmos_newj.png

  4. Select SAML 2.0 (Single Sign On):

    litmos_newk.png

  5. Uncheck the Enable SAML checkbox, then click Save changes:

    litmos_newl.png

  6. Again, select SAML 2.0 (Single Sign On):

    litmos_newm.png

  7. In the window that opens, DO NOT click on the Okta and OneLogin users click here link as this will take you to a set-up screen that uses the old Litmos SAML endpoint and SHA1 algorithm.

    Instead, copy and paste the above generated metadata file into the SAML metadata field.

    Important! Exclude the following first line of the metadata as Litmos gives an error if it is included in the metadata: <?xml version="1.0" encoding="UTF-8"?>.

    litmos_newn.png

  8. Done!


Notes