Configure SAML in Okta

This guide describes the steps required to create a working SAML integration between Okta and GoBright.

We recommend opening two browser windows side by side, because you'll need to switch between the two.

Steps to configure Okta & GoBright SAML

In the Okta admin panel

Go to ‘Applications’ > ‘Applications’.
There, click ‘Create App Integration’:

Choose ‘SAML 2.0’:

Enter the name, and do not display the app to users:

Hit ‘Next’ and fill in the ‘Configure SAML’ page.

In the GoBright Portal

Create the SAML integration, and take the following values:

  • Obtain the ‘Reply URL (Assertion Consumer Service URL)’
  • Obtain the ‘Relying party identifier / Entity Id’

Back in the Okta admin panel

  1. Paste the obtained ‘Reply URL’ into the ‘Single sign-on URL’ field
  2. Paste the obtained ‘Relying party identifier’ into the ‘Audience URI (SP Entity ID)’ field

The other fields in Okta should be configured as:

  • ‘Default RelayState’: keep empty
  • ‘Name ID format’: select ‘Unspecified’
  • ‘Application username’: select ‘Okta username’
  • ‘Update application username on’: select ‘Create and update’

In the list ‘Attribute Statements’, add:

| ATTRIBUTE STATEMENT | VALUE | REQUIRED |
|---|---|---|
| name | user.displayname OR user.firstName + " " + user.lastName | yes |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/mobilephone | user.mobilePhone | no |
| gobright.pincode | [your pincode field] | no |
| gobright.nfc | [your nfc field] | no |
| gobright.defaultcostcenteridorname | [your default costcenter field] | no |

The result should look like this:

Now save the application.
The Sign On-tab will open automatically.

Scroll down on that Sign On-tab, and click ‘View SAML setup instructions’.

Obtain the following details from Okta

  • Obtain the Identity Provider Single Sign-On URL
  • Obtain the X.509 Certificate

Final steps in the GoBright Portal

Apply the obtained values in the SAML integration in the GoBright Portal:

  • Paste the ‘Identity Provider Single Sign-On URL’ into the ‘Single Sign-on service url’ field in the GoBright Portal
  • Paste the ‘X.509 Certificate’ into the ‘Token-signing certificate (Base64)’ field in the GoBright Portal

Optional: GoBright as ‘bookmark app’ in Okta

To show the ‘GoBright’ app as an icon, follow: https://help.okta.com/en-us/Content/Topics/Apps/apps-create-bookmark.htm
