Skip to main content

Configure Okta for Single Sign On

Stax integrates with your corporate identity using SAML. This allows you to bring your own identities and identity management controls to the Stax platform. Stax supports Okta's identity solution. It supports integration with applications as a SAML identity provider (IdP) and is available for use by organizations with an Okta environment.

Before You Begin

  • Estimated time to complete: 1 hour
  • Ensure you are a member of the Admin role in Stax
  • You need to be a administrator of your Okta environment

Prepare the SAML Service URIs

Determine your SAML Service URIs (Entity ID and SAML 2.0 Service URL) using the guidance in Configure Single Sign-On.

Creating an Okta App for your Stax Tenancy

  1. In the Okta Admin console, choose Applicationsfrom the left-hand nav and select Create New App

  2. ChooseSAML 2.0 in the Create a new app integration and click Nextmceclip0.png

  3. Provide your application a Name

  4. Check ✅ Do not display an icon to our users

  5. Check ✅ Do not display application icon in the Okta Mobile App (Note: Stax does not support IdP-initiated sign-ins, so while you can display the app, it will not log-in on your behalf)

  6. Click Next

  7. On the Configure SAML in Okta page configure the following General Settings:

    ParameterValueExample
    Single Sign on URLThe entity ID you determined earlierhttps://id.security.mega-corp.au1.staxapp.cloud/auth/realms/master/broker/saml/endpoint
    Use this for Recipient URL and Destination URLChecked ✅n/a
    Audience URI(Entity ID)https://id.security.<organization-alias>.<region>.<domain>/auth/realms/master
    Name ID FormatPersistentn/a
  8. Complete the following Attribute Statements:

    NameName FormatValue
    emailEmail address of the useruser.email
    firstNameFirst name of the useruser.firstName
    lastNameLast name of the useruser.lastName
    Role
    Basicappuser.JumaRole
  9. Click Preview the SAML Assertion and add the Assertion information to a support ticket and Click Next

  10. Under Create SAML Integration:

    • Choose I'm an Okta customer adding an Internal App
    • Check ✅ This is an internal app we have created
    • Click Finishmceclip1.png
  11. The app will now be created and you can navigate to the Sign-on tab of the App to view SAML Setup Instructions

Defining Role-Based access for your Organization

  1. In Okta, navigate to Directory >Profile Editor then locate the application name and click it. The Profile Editor screen will appear

index1.png 2. Select Add Attribute index2.png 3. Input the following information the the Attribute Screen:

NameValue
Data TypeString
Display NameStax Role
Variable NameJumaRole
Define Enumerated list of values
  1. Input the following Attribute Members:

    Display NameValue
    Admincustomer_admin
    Operationscustomer_operations
    Usercustomer_user
    Read-Onlycustomer_readonly
    Cost Admincustomer_costadmin
  2. Attribute Required ✅

  3. Click Save- it should look like this: index3.png

To validate this worked:

  1. Navigate to the Assignments tab of your new application
  2. Assign a User or Group to the application
  3. Edit the User/Group assignment. It should present the following options:

index4.png

Configure Stax to allow SAML Sign In

When you're ready to have Stax configured, you will need to raise a support case with your SAML metadata file and theACS URL of your SAML IdP. Once SAML is configured for your Stax tenancy, the support team will be in touch to let you know that it's ready to be tested.

How do you know this worked?

note

At this time, Stax does not support IdP-initiated sign-ins. You must use SP-initiated sign-in to access Stax.

Next time you navigate to your Stax Console login page, on the top, you'll see a new Continue with Corporate ID button. Clicking this button will take you to your SAML sign-in page. Log in to the IdP and you'll be signed into your Stax tenancy.

Screen Shot 2023-08-25 at 1.40.06 pm.png