The Okta/Infor CloudSuite SAML integration currently supports the following features:
SP-initiated Single Logout (optional)
If you are not going to use SLO, skip the steps marked [Optional SLO].
For more information on the listed features, visit the Okta Glossary.
Sign in to Infor CloudSuite tenant as an administrator.
In the upper-right corner click the user icon, then select User Management.
On the left side click the application menu icon, then go to Security Administration > Federated Security.
Expand Federated Security then click the + (plus) icon.
Enter the following:
Select SAML 2.0 Enabled.
Select Authenticate with InforSTS.
Display Name: Enter Okta.
Import SAML Metadata: Save the following metadata as metadata.xml, then locate it by clicking FROM FILE.
Sign in to the Okta Admin dashboard to generate this value.
Click IMPORT.
[Optional SLO]: Check Enable Identity Provider Single Logoff.
[Optional SLO]: Select HTTP Post and enter the following Logout URL:
Sign in to the Okta Admin dashboard to generate this variable.
Assertion Identity Key: Select Identity is a NameIdentifier element of the Subject statement.
IFS user lookup field: Select Username.
Service Provider Information: Click VIEW.
Make a copy of the Entity ID.
Make a copy of the Assertion Consumer Service.
[Optional SLO]: Click DOWNLOAD and save the Primary Certificate.
[Optional SLO]: Make a copy of the Single Logoff Service.
Click CANCEL.
Click the Save icon at the top of the page.
To enable JIT, stay on the same page, scroll down, and check JIT user Provisioning Enabled.
NOTE: If you are going to enable SCIM, skip this step and move to step 13.
First Name claim: Enter a firstname value.
Last Name claim: Enter a lastname value.
Email Address claim: Enter an email value.
Go to Security Administration > Authentication URL Options.
Check the Allow users to choose the authentication mode option.
Click the Save icon.
In Okta, select the Sign On tab for the Infor CloudSuite SAML app, then click Edit:
Base URL (old): Leave this empty.
Enter your Assertion Consumer Service and Entity ID values (step 10) into the corresponding fields.
Click Save.
[Optional SLO]: In Okta, select the Sign On tab for the Infor CloudSuite SAML app, then click Edit:
Select Enable Single Logout.
Signature Certificate: Upload the certificate you saved in step 10.
Single Logoff Service (optional): Enter the Single Logoff Service value (step 10).
Click Save.
Done!
The following SAML attributes are supported:
Name | Value |
---|---|
firstname | user.firstName |
lastname | user.lastName |
user.userName |
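
A quick check that an assertion captured during a test login carries what the settings above rely on: a NameID in the Subject (the Assertion Identity Key) and the three JIT claims. This is an added example, not Okta or Infor code; the sample assertion is constructed, and the script inspects content only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names entered in the JIT settings on this page.
JIT_CLAIMS = ("firstname", "lastname", "email")

# Constructed sample assertion (unsigned, trimmed); all values are made up.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">
  <saml:Subject>
    <saml:NameID>jdoe@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def check_assertion(xml_text, required=JIT_CLAIMS):
    """Return (name_id, attributes, problems) for one SAML 2.0 assertion."""
    # Only parse assertions you captured yourself; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    problems = []
    # ".//" lets the same check run on a bare Assertion or a full Response.
    name_id_el = root.find(".//saml:Subject/saml:NameID", NS)
    name_id = (name_id_el.text or "").strip() if name_id_el is not None else ""
    if not name_id:
        problems.append("Subject has no NameID, so the Username lookup has nothing to match")
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = [v for v in values if v]
    for claim in required:
        if not attrs.get(claim):
            problems.append(f"JIT claim '{claim}' is missing or empty")
    return name_id, attrs, problems

if __name__ == "__main__":
    name_id, attrs, problems = check_assertion(SAMPLE_ASSERTION)
    print("NameID:", name_id)
    print("Attributes:", attrs)
    for p in problems:
        print("PROBLEM:", p)
```
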
Go to your default Authentication URL.
To obtain the default URL, go to User Management > Security Administration > Authentication URL Options.