This document lists the steps to configure Okta for Single Sign-On with Resolution Intelligence Cloud.
Important: Refer to this article for details on how to reset MFA for a specific user if the user lost an MFA-enabled device.
Configure Okta SAML integration.
- Sign into the Okta Admin Console
- Use the Create App Integration wizard to add an application for use with Resolution Intelligence Cloud
- Select SAML 2.0
- Click Next
- Type a name for the app
- Click Next
- In the Sign on URL field, type https://auth.netenrich.com/login/callback
- In the Audience URI (SP Entity ID) field, type urn:auth0:prod-netenrich:customernamesaml
NOTE: For “customername”, type your company name. This can be any name that uniquely identifies the connection. Later, this name will be used to configure the SAML connection in Resolution Intelligence Cloud.
- In Name ID format, select EmailAddress
- In Application username, select Email
- Leave the other fields at their defaults
- Click Next
- Select the options as shown in the above image and click Finish
- Click on the App that you have just created in Okta.
- Click Sign On
- Expand More details
Note: These details will be used later when configuring Resolution Intelligence Cloud SAML Integration
- Sign on URL
- Sign out URL
- Download Signing Certificate
Assign User to Okta SAML App
Click Assignments, click Assign, and add the people or groups that you would like to allow to log in using the newly created app.
Configuring SAML connection in Resolution Intelligence Cloud
To configure the SAML connection:
- From Resolution Intelligence Cloud home screen, click Configurations --> Authentication in the left menu
- Click Setup Provider under the SAML tile
A New SAML Connection form appears
- Enter the following fields and click Create at the bottom of the screen
Logical identifier for your connection; it must be unique. Once set, this name can't be changed.
For the connection name, type the name in the format below.
This name should be the same as the one configured in the “Audience URI (SP Entity ID)” field during the Okta SAML configuration.
NOTE: For “customername”, type your company name.
|Sign in URL|The Sign on URL that you noted from the Okta SAML app you created earlier.|
|X509 Signing Certificate|Select the signing certificate that you downloaded from the Okta SAML app you created earlier. Before uploading, rename okta.cert to okta.cer.|
|Sign out URL|The Sign out URL that you noted from the Okta SAML app you created earlier.|
|User ID Attribute|Copy the following URL for User ID Attribute: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier|
|Sign Request Algorithm|Optional|
|Sign Request Digest Algorithm|Optional|
|Identity Provider Domains|Enter a list of trusted domains that you want to be identified as identity providers. These are the domains that users' accounts have. Example: if the user login is firstname.lastname@example.org, enter contoso.com. If there are multiple domains, enter all of them as a comma-separated list.|
You have established the SAML connection successfully.
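An added example, not part of the original article or of Netenrich's or Okta's tooling: a Python check that a decoded SAML response from your own test login carries the values configured above (callback URL, Audience URI, EmailAddress NameID, trusted domain). The sample response and the `contoso` customer name are constructed, and the check assumes the `saml` suffix in the Audience URI stays literal.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://auth.netenrich.com/login/callback"   # Sign on URL field from the page
AUDIENCE_PREFIX = "urn:auth0:prod-netenrich:"           # Audience URI prefix from the page
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(xml_text, customername, idp_domains):
    """Return a list of mismatches between a decoded SAML response and the settings above.
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    expected_audience = AUDIENCE_PREFIX + customername + "saml"
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the callback URL")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if expected_audience not in audiences:
        problems.append("Audience does not match " + expected_audience)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None:
        return problems + ["NameID missing"]
    if name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    # The part after "@" must be one of the comma-separated Identity Provider Domains.
    domain = (name_id.text or "").strip().rpartition("@")[2].lower()
    if domain not in {d.strip().lower() for d in idp_domains.split(",")}:
        problems.append("NameID domain not in Identity Provider Domains")
    return problems

# Constructed sample (not captured from a real tenant); "contoso" is a placeholder.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://auth.netenrich.com/login/callback">
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>urn:auth0:prod-netenrich:contososaml</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE, "contoso", "contoso.com"):
        print("MISMATCH:", problem)
```

The constructed sample deliberately skips the Name ID format and Application username steps, so the check reports both the NameID format and the domain mismatch.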