Okta

How to Configure SAML 2.0 for Yodeck


Read this before you enable SAML

Enabling SAML will affect all users who use this application, which means that users will not be able to sign in through their regular log in page. They will only be able to access the app through the Okta service.

Backup URL

Yodeck does not provide backup log in URL where users can sign in using their normal username and password. You can contact Yodeck support to turn off SAML, if necessary.

Contents


Supported Features

The Okta/Yodeck SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Open the following URL in a browser: https://app.yodeck.com/api/v1/account/metadata/?digest_algo=sha256

  2. Locate, then save the X509Certificate value:

    yodeck1.png

  3. Create a new file in a text editor, in the following format:

    -----BEGIN CERTIFICATE-----
    [your X509Certificate value] (step 2)
    -----END CERTIFICATE-----
    
    
  4. Save the file as yodeck.cert:

    yodeck2.png

  5. In Okta, select the Sign On tab for the Yodeck app, then click Edit.

    • Default Relay State: Enter: https://app.yodeck.com/index.html.

    • Check Enable Single Logout.

    • Signature Certificate: Click Browse to locate the yodeck.cert file you saved earlier (step 4), then Upload it to Okta.

    • Click Save:

    yodeck3.png

  6. Login to your Yodeck instance as an administrator.

  7. Navigate to Account Settings > SSO (Single Sign On) from the top right dropdown menu.

  8. Select the SAML Setup tab, then enter the following:

    • Toggle the Enable SAML switch to ON.

    • Digest Algorithm: Select sha256.

    • Select the Import From URL radio button.

    • URL: Copy and paste the following Metadata URL into this field:

      Sign into the Okta Admin dashboard to generate this value.

    • Click Import.

    • Click Save:

    enter SAML config values into Yodeck

  9. A new tab with a prompt for your Okta credentials will appear in your browser.

  10. Enter your Okta credentials and wait for the SAML test login was successful and SAML SSO has been enabled for your account. message.

  11. Select the Advanced Settings tab, then enter the following:

    • Attribute name for NameID: Select Use default ("NameID").

    • User's Name: Select Overwrite name from SAML.

    • First Name SAML Attribute: Enter firstName.

    • Last Name SAML Attribute: Enter lastName.

    • Automatically Create Users: Turn this ON if you are going to enable JIT (Just In Time) Provisioning.

    • If you want to Use SAML Group Access to manage your users permissions: Switch this option to ON.

      Note: Yodeck doesn’t support creation of user with empty group value. If you turned this feature on, you must create appropriate user groups in Okta, assign required users to the groups and configure groups filter in Okta on the Sign On application tab. The Starts with rule with the value yodeck in order to send Okta groups which name are started with yodeck to the Yodeck instance we used in our example:

      enter SAML config values into Yodeck

    • Click Add Group Mapping in order to create appropriate mapping for groups received from Okta.

      Note: in our example we have two groups in Okta: yodeckadmin and yodeckuser with the following mapping on the application end:

      enter SAML config values into Yodeck- Advanced tab

      enter SAML config values into Yodeck- Advanced tab

    • Click Save:

    enter SAML config values into Yodeck

  12. Done!


Notes

The following SAML attributes are supported:


SP-initiated SSO

  1. Open the following URL: https://app.yodeck.com/login.

  2. Enter your Email.

  3. Click Continue:

  4. yodeck5.png