Okta is a comprehensive identity and access management platform designed to simplify user authentication and enhance security. Okta supports Single Sign-On (SSO) with Enable, to simplify and secure user authentication.
While Okta offers a variety of features including System for Cross-domain Identity Management (SCIM) for automated user provisioning, Enable does not currently support SCIM through Okta. User provisioning is managed directly within Enable.
If you are interested in using SSO with Okta but have not yet discussed your requirements with Enable, please reach out to the Enable Support team.
This article will guide you through:
Looking for something else?
- Looking to understand which users are logging in with SSO? Learn how to track SSO via the user activity log here.
- Alternatively, see our Help Center for more on SSO.
Requirements for integrating SSO with Okta
In order to integrate SSO with Okta for Enable, you must have:
- An Okta organisation account.
- Administrative access to the Okta organisation to configure SSO. Ensure that you have super admin access (highest level of administrative access) to the Okta organisation.
Note: If your organization is not registered with Okta, you must set up an Okta account. This registration is required for making use of the SAML 2.0 features offered by Okta.
SSO information provided by Enable
To set up SSO with Enable, the following information is required for configuration on your end. Enable will provide the below SSO credentials.
| SSO Credentials | Description |
| --- | --- |
| Entity ID | The unique identifier for the SAML application in Enable. This is used to identify the application during login. |
| Sign-on URL | The SAML SSO URL where users are redirected to start the login process. This is the same link as the SSO login URL for your users. |
| ACS URL | The URL where SAML assertions (login information) are sent after users have successfully logged in. Enable sends the SAML response to this URL to complete the login process. |
| Logout URL | The URL where users are redirected after logging out. This ensures that users are signed out from Enable and any other applications integrated with Okta. |
| Enable public service certificate | The certificate used to securely send and verify login information. Ensures that SSO assertions are secure and can be verified by the application. |
Tip: If preferred, to simplify the configuration process, you can also request the Enable metadata XML file from Enable that includes all of the above credentials.
SSO process steps you need to follow
Follow the step-by-step instructions below to configure SSO with Okta.
Step 1: Log in to Okta Admin Console
- Navigate to the Okta Admin Console and log in with your administrator credentials.
- In the navigation pane on the left, click on Applications.
- Click on Add Application.
- Search for Enable in the Okta Integration Network. If the application is not available, select Create New App to add it manually.
- Choose SAML 2.0 as the sign-on method and click Create.
Step 2: Configure SAML settings
- Provide a name for your application (Enable) and any other required details, such as the App logo and visibility settings. Click Next.
- Configure the SSO credentials provided by Enable, including the Entity ID and ACS URL.
- Keep the Default RelayState blank.
- For the Name ID format, select EmailAddress and the Application username as Email.
- Click on Show Advanced Settings. Ensure that the Sign SAML response option is checked. This ensures that the SAML response is signed with the certificate, providing an additional layer of security.
Step 3: Configure Attribute Statements (optional)
- On the Attribute Statements page, add any additional attributes required by Enable. For example, first name, last name, and email.
Tip: If required, configure role mappings in the Group Attribute Statements section. For more information, learn more from Okta here.
Step 4: Assign Users and Groups
- Navigate back to the Application settings and under the Assignments tab, click on Assign.
- Select the users or groups you want to assign access to Enable by clicking on Assign to People or Assign to Groups. IdP Role Mapping enables user groups to directly log in to your SSO-enabled organization (without invitation) with the assigned permissions through role mapping.
- Click Done.
Step 5: Configuring Enable in Okta
- In the Application settings, click on the Sign On tab.
- Click on View Setup Instructions to view additional settings for your Enable application. The SSO URL, Entity ID and Certificate fields are automatically populated. These credentials will be used to configure SSO in Enable.
Tip: In the Identity Provider Metadata section, you have the option to download the Federation Metadata XML file to provide to Enable. This includes the certificate and all the credentials needed to set up SSO on Enable’s side.
What’s next?
Ready to verify that SSO is working? Learn more about testing and troubleshooting SSO here.