Configuring Okta SSO
StatusGator supports enterprise Single Sign-On (SSO) using the Security Assertion Markup Language (SAML). SAML is an open standard for exchanging authentication and authorization data between parties. SAML requires an identity provider (in this case, Okta) and a service provider (in this case, StatusGator).
StatusGator SAML SSO has the following benefits:
- Users have a single identity managed by your SAML Identity Provider.
- One-click access to StatusGator from your Identity Provider dashboard.
Setup consists of three steps:
- Configure an ad-hoc application in Okta. This step will only be necessary until StatusGator is accepted into the OAN.
- Configure StatusGator to use your Okta ad-hoc application for SSO.
- Add users to your StatusGator SSO application within Okta.
As an admin in your Okta account, create a new application. This can be done by clicking the Applications area in the main navigation:
- Click the Add Application button.
- Next click the Create New App button.
- Now ensure "Web" is selected as the value for Platform, and click the SAML 2.0 radio button.
- You can call your application "StatusGator" or whatever you like.
The icon is optional but feel free to use the following image:
- After clicking Next, you'll configure a number of application settings in the Okta StatusGator application.
- Single sign on URL: https://statusgator.com/users/saml/auth
- Make sure Use this for Recipient URL and Destination URL is checked.
- Audience URI (SP Entity ID): https://statusgator.com
- Name ID format: EmailAddress
- Application username: Email
- Update application username on: Create and update
Configure Attribute Statements which map values to user attributes in StatusGator. You'll want to enter first_name, last_name and email as the attribute name on the left, and then choose the corresponding user values on the right.
Here's a full screenshot of what the settings should look like:
- Ensure email is set. StatusGator SAML SSO does not use the standard NameID in the SSO negotiation. Email is required for StatusGator SSO to function.
- Double check to ensure the Attribute Statements as well as Single sign on URL and Audience URI are set. Then click Next.
- Choose "I'm an Okta customer adding an internal app". (We're working to add StatusGator to the Okta app store to eliminate this requirement.)
- This completes the setup of your ad-hoc StatusGator application in Okta. Next you will retrieve the settings needed to configure StatusGator to use Okta.
- Click View Setup Instructions. This will display the metadata needed to configure StatusGator for your new Okta application.
Keep this browser window open. This information will be used next when configuring StatusGator.
- Sign in to your StatusGator account using your email address and password. Once logged in, click the Organization link in the main drop-down menu located at the upper right corner of the page. From there, click Add SSO. If you do not see an Add SSO link here, email email@example.com to request access to SSO.
- You will be presented with the following form:
- Use the Identity Provider Issuer URL for the Identity Provider Entity ID above.
- Next, fill out Identity Provider SSO URL for both Sign on and Sign Out URLs.
- Finally, copy the X.509 certificate into the StatusGator IDP Certificate field.
The fingerprint and algorithm fields can be left blank.
Once set up, you'll need to associate users in your Okta Directory with StatusGator so they may log in.
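
A pre-flight check for the Okta settings described above, as an added example that is not StatusGator's or Okta's code: given a decoded SAML Response (for instance one captured from a test login), it reports which of this page's values do not match. The function names and the sample assertion are constructed for illustration, and the check covers configuration only, not signature validation.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://statusgator.com/users/saml/auth"    # Single sign on URL (from this page)
AUDIENCE = "https://statusgator.com"                    # Audience URI / SP Entity ID (from this page)
REQUIRED_ATTRS = ("first_name", "last_name", "email")   # Attribute Statement names (from this page)

def check_response(xml_text):
    """List mismatches between a decoded SAML Response and the settings above.
    Checks configuration only; it does not validate the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Single sign on URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the Single sign on URL")
    audiences = [(a.text or "").strip() for a in root.findall(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("Audience URI does not match")
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):  # email in particular is required for StatusGator SSO
            problems.append(f"attribute '{name}' missing or empty")
    return problems

def sample_response(destination=ACS_URL, audience=AUDIENCE, attrs=None):
    """Build a constructed, unsigned SAML Response for exercising check_response()."""
    if attrs is None:
        attrs = {"first_name": "Ada", "last_name": "Lovelace", "email": "ada@example.com"}
    statements = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'Destination="{destination}"><saml:Assertion><saml:Subject>'
        f'<saml:NameID>ada@example.com</saml:NameID><saml:SubjectConfirmation>'
        f'<saml:SubjectConfirmationData Recipient="{destination}"/>'
        f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{statements}</saml:AttributeStatement>'
        f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample_response()))                             # all settings correct
    print(check_response(sample_response(attrs={"first_name": "Ada"})))  # mappings forgotten
```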