Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials (e.g., name and password) to access multiple applications.
The service authenticates the end user for all the applications the user has been given rights to.
If a user already exists in Okta, SSO can be used to authenticate that user in CentreStack. To carry out this integration, there are some aspects that must be taken into account during the configuration.
1. CentreStack Single Sign-On URL
On the CentreStack side we need to set up Single Sign-On so that authentication is delegated to Okta. The required information can be found in Management Console / Control Panel / Single Sign-On or in Management Console / Group Policy / Account & Login / Single Sign-On.
Once on the Single Sign-On page, under Enable SAML Authentication / Access service provider metadata using the following link, copy the metadata link and the Entity ID; both will be used on the Okta configuration page.
2. General settings
In the Okta web portal, specify the following settings:
a. Single Sign On URL and Audience URI (SP Entity ID)
Use the Entity ID value copied in the step above, and make sure the option 'Use this for Recipient URL and Destination URL' is enabled.
b. Name ID Format
d. Signature Algorithm and Digest Algorithm
SHA1, which provides the most compatibility because CentreStack was developed on top of Microsoft .NET.
3. Creating Attributes
In the Attribute Statements section, create 3 attributes to match the 3 parameters defined in the CentreStack SSO configuration page:
a. user:email (IdP Email Parameter)
b. user:firstname (IdP Given Name Parameter)
c. user:lastname (IdP Surname Parameter)
4. Identity Provider IdP Information
Once all the settings are filled in and the SAML 2.0 application has been created in Okta, open the 'Sign On' tab and click 'View Setup Instructions'.
From this page, take the following two settings and copy them to the SSO configuration on the CentreStack side.
a. Identity Provider Single Sign-On URL (IdP End Point URL)
b. Provide the following IDP metadata to your SP provider (IdP Meta Data)
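A way to check the values gathered in steps 2 to 4 before enabling the integration, as an added example that is not CentreStack's or Okta's code: it parses a constructed IdP metadata document to extract the IdP End Point URL and entity ID, then inspects a constructed SAML assertion for the three attribute names, the audience (SP Entity ID) and the signature algorithm, flagging SHA1 as a weak choice. The attribute names user:email, user:firstname and user:lastname, the URLs and the entity IDs are assumptions made for the sample; cryptographic verification of the XML signature is the SP library's job and is not performed here.

```python
# Added example (not CentreStack's or Okta's code): sanity-check SAML
# IdP metadata and an assertion against the values the integration steps
# above copy between Okta and CentreStack. All XML below is constructed.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Assumed attribute names matching the three CentreStack IdP parameters.
REQUIRED_ATTRS = {"user:email", "user:firstname", "user:lastname"}
# SHA1-based signatures are accepted for compatibility but worth flagging.
WEAK_SIG_ALGS = {"http://www.w3.org/2000/09/xmldsig#rsa-sha1"}

# Constructed sample shaped like the "IDP metadata" Okta's setup page shows.
IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/EXAMPLE-IDP-ID">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample assertion (signature element kept only for its algorithm).
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  </ds:SignedInfo></ds:Signature>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://centrestack.example.com/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="user:email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user:firstname"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="user:lastname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def idp_endpoints(metadata_xml):
    """Extract the two values step 4 copies into CentreStack: the IdP entity ID
    and the HTTP-POST SingleSignOnService location (IdP End Point URL)."""
    root = ET.fromstring(metadata_xml)
    sso_url = None
    for svc in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS):
        if svc.get("Binding", "").endswith("HTTP-POST"):
            sso_url = svc.get("Location")
    return {"entity_id": root.get("entityID"), "sso_url": sso_url}


def check_assertion(assertion_xml, sp_entity_id):
    """Return the attributes found plus a list of findings: missing attributes,
    an audience that does not match the SP Entity ID, and an unsigned or
    weakly signed assertion. Signature bytes are NOT verified here."""
    root = ET.fromstring(assertion_xml)
    findings = []
    attrs = {
        a.get("Name"): a.findtext("saml:AttributeValue", default="", namespaces=NS)
        for a in root.findall("saml:AttributeStatement/saml:Attribute", NS)
    }
    for name in sorted(REQUIRED_ATTRS - set(attrs)):
        findings.append(f"missing attribute: {name}")
    audiences = [
        a.text for a in root.findall(
            "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    ]
    if sp_entity_id not in audiences:
        findings.append(f"audience mismatch: {audiences}")
    alg = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if alg is None:
        findings.append("assertion is not signed")
    elif alg.get("Algorithm") in WEAK_SIG_ALGS:
        findings.append(f"weak signature algorithm: {alg.get('Algorithm')}")
    return {"attributes": attrs, "findings": findings}


if __name__ == "__main__":
    print(idp_endpoints(IDP_METADATA))
    print(check_assertion(ASSERTION, "https://centrestack.example.com/"))
```

Run it against a real metadata file and a decoded assertion captured from your own test login to confirm the endpoint URL, the three attribute names and the audience line up with what was entered on both sides; any finding other than the SHA1 note means one of the copied values does not match.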
5. How to login
After applying the changes in the SSO page in the CentreStack web portal, you can test the integration.
a. From CentreStack
On the CentreStack login page the user sees the link to the Okta SSO already defined; clicking it redirects to Okta to log in, and once logged in the user is redirected back to CentreStack to access their data.
b. From Okta
On the Okta web page, once logged in, the user sees under Applications all the applications they belong to; clicking CentreStack redirects to the CentreStack web portal, already logged in.