Okta
Audience
Audience: Administrators
Overview
Okta is an Identity Management Platform, which allows customers to access their web apps in one location.
The following article provides guidance for configuring SSO within Okta, so that you can successfully integrate with OrgChart.
Creating an SSO Integration
Log in to your Okta Admin Dashboard.
Click on the Applications dropdown menu in the left side panel, and then select the Applications option.
Click on the Create App Integration button.
Select SAML 2.0 from the list of app integration options, and then click Next.
Enter a name for the application (for example, OrgChart).
Optionally, choose an app logo to display on the OrgChart tile, as well as your app visibility options, and then click Next.
Configure the SAML settings as seen below:
Single sign on URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs?entityID=YOUR_ENTITY_ID
Recipient URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs?entityID=YOUR_ENTITY_ID
Destination URL: https://{SERVER NAME}.orgchartnow.com/saml/sso_acs?entityID=YOUR_ENTITY_ID
Audience URI (SP Entity ID): https://{SERVER NAME}.orgchartnow.com/saml/sso_metadata?entityID=YOUR_ENTITY_ID
Name ID Format: EmailAddress
Application username: Okta username
Note
YOUR_ENTITY_ID refers to your Okta generated entity ID, and is also referred to in Okta as the SAML Issuer ID.
This value is generally formatted with your Org External Key. If you do not know your org external key, temporarily populate each URL in the General SAML Settings section, click on Next > I'm an Okta Customer > Finish.
On the Sign On tab, scroll to the SAML Signing Certificates section, click on the Actions button (for the Active certificate), and then select View IdP Metadata.
Your Okta Entity ID appears after the entityID indicator in the first line of the XML. Copy the entire key (without the quotation marks), and then paste this value into a separate document.
Click on the General tab, edit the General SAML Settings, and then paste your Okta Entity ID into each URL, replacing the YOUR_ENTITY_ID text.
Click on the Advanced Settings hyperlink.
Ensure that Advanced SAML Settings are configured as seen below:
Optionally, configure Attribute and/or Group Attribute Statements. Reference the Okta SAML Attribute Mapping article for more information.
Click Next.
Select the following options on the Okta feedback page, and then click on Finish.
I am an Okta customer adding an internal app
Once you've finished, assign the application to the desired users, and then configure SSO in OrgChart.
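The entity ID lookup and URL substitution described in the Note above can be scripted so the four URL fields are built from one value instead of being pasted by hand. This is an added example, not part of the original article or of Okta's or OrgChart's tooling; the sample metadata, the entity ID value in it, and the server name example-server are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample of the XML behind "View IdP Metadata" (not real tenant data).
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/EXAMPLE_ENTITY_ID">
  <md:IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""


def okta_entity_id(metadata_xml):
    """Return the entityID attribute of the metadata's root EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    entity_id = (root.get("entityID") or "").strip()
    if not entity_id:
        raise ValueError("entityID attribute is missing or empty")
    # The value is pasted into a query string unchanged, so refuse characters
    # that would split or truncate the entityID parameter.
    if re.search(r"[&#\s]", entity_id):
        raise ValueError("entityID contains '&', '#' or whitespace")
    return entity_id


def orgchart_saml_settings(server_name, entity_id):
    """Build the four URL fields of the General SAML Settings section."""
    # server_name stands for the page's {SERVER NAME}; a single DNS label is assumed.
    if not re.fullmatch(r"[A-Za-z0-9-]+", server_name):
        raise ValueError("server name must be a single host label")
    base = f"https://{server_name}.orgchartnow.com/saml"
    acs = f"{base}/sso_acs?entityID={entity_id}"
    return {
        "Single sign on URL": acs,
        "Recipient URL": acs,
        "Destination URL": acs,
        "Audience URI (SP Entity ID)": f"{base}/sso_metadata?entityID={entity_id}",
    }


if __name__ == "__main__":
    eid = okta_entity_id(SAMPLE_METADATA)
    for field, url in orgchart_saml_settings("example-server", eid).items():
        print(f"{field}: {url}")
```

Comparing the generated values against what is saved in Okta also catches a leftover YOUR_ENTITY_ID placeholder or a mismatch between the ACS and Audience URI fields.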
Configuring SSO in OrgChart
Log in to OrgChart.
Click on the Mode Switcher icon in the Top Toolbar, and then select the Setup option. The Setup panel is displayed.
Click on the Account Settings tile, and then click on the Authorization tab in the left side menu.
Click on the icon (to the right of the SSO Configuration heading). The SSO Configuration panel is displayed.
Enter the Okta Entity ID into the SSO Entity ID text box.
Click on the Metadata Type dropdown menu, and then select the Remote option.
In Okta, open the OrgChart app that you've created, and then click on the Sign On tab.
Scroll to the SAML Signing Certificates section, click on the Actions button (for the Active certificate), and then select the View IdP Metadata option. A tab containing a link to the metadata XML is opened.
Copy the URL.
Paste the metadata URL into the Metadata Location text box in the OrgChart SSO Configuration panel.
Click on the NameID Handling dropdown menu, and then select the Main SAML Assertion option.
Optionally, add SAML Attribute Handling to use Okta data to update user information or map security groups. Reference the Okta SAML Attribute Mapping article for more information.
Check the SSO Enabled checkbox to enable users to sign in to OrgChart from Okta.
Optionally, check the Auto-Provision checkbox to automatically create new users if they do not already exist in OrgChart.
Optionally, check the Single Logout checkbox to automatically sign users out of Okta when signing out of OrgChart.
Click on Save.