Single Sign-On (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
The service authenticates the end user for all the applications the user has been given rights to.
If a user already exists in Okta, SSO can be used to authenticate it in CentreStack. To carry out this integration, there are some aspects that must be taken into account during the configuration.
1. CentreStack Single Sign-On
- From CentreStack we will need to setup the Single Sign-On authentication for Okta. This information can be found in the Tenant Management Console / Control Panel / Single Sign-On or Tenant Management Console / Group Policy / Account & Login / Single Sign-On.From Centrestack release 12.12.570.53288 or later, the Single SIgn On is moved to Tenant Settings, Single Sign on (SAML Integration)
- Once in the Single Sing-On Page, 'Enable SAML Authentication', copy the link to access the metadata: 'Access service provider metadata using the following link' and in SSO Provider choose 'other'.
- Open the link copied in a Web Browser and copy the Entity ID, which will be used in the Okta configuration page.
2. Okta SAML Application - General
- In the Okta web portal, change to the Classic UI (top right) and create a new Web Application choosing 'SAML 2.0' (visit Okta Guide for more help)
- After entering the 'General Settings' for this new App, configure the SAML Settings (need to 'Show Advanced Settings'), leave the fields with the information filled by default and only change the following:
a. Single Sign-On URL and Audience URI (SP Entity ID)
Use the Entity ID value copied in the step above. (Make sure is enabled the option 'Use this for Recipient URL and Destination URL')
b. Name ID Format
d. Signature Algorithm and Digest Algorithm
SHA1; which provides the most compatibility because CentreStack was developed on top of Microsoft.Net.
3. Okta SAML Application - Attribute Statements
In the Attribute Statements section, create 3 attributes to match the 3 Parameters defined in the CentreStack SSO configuration page:
a. Name: Email - Value: user.email - SSO parameter: IdP Email Parameter
b. Name: FirstName - Value: user.firstName - SSO parameter: IdP Given Name Parameter
c. Name: LastName - Value: user.lastName - SSO parameter: IdP Surname Parameter
4. Okta SAML Application - Setup Instructions and Assignments
After filling all the settings described above click Next and Finish.
Once in the Application page, access the 'Sign On' tab and click on 'View Setup Instructions'.
From this page take two settings and copy them to the SSO configuration on the CentreStack side.
a. Identity Provider Single Sign-On URL (IdP End Point URL)
b. Provide the following IDP metadata to your SP provider (IdP Meta Data)
To add users to the Application go to the 'Assignments' tab.
5. How to login
After saving the changes in the SSO page in the CentreStack web portal, you can test the integration.
a. From CentreStack
In the CentreStack login page, the user can see the link to the Okta SSO already defined, click on it and will be redirected to login in, once logged in will be redirected back to CentreStack to access his data.
b. From Okta
From the Okta webpage, once logged the user / Applications will see all the applications to which belongs and clicking on it will redirect to the CentreStack web portal already logged.
c. From Desktop Clients and Mobile Applications
Visit this article for more details: Does SSO work with all platforms or is it web portal only