Need Help? We are right here!
Thanks for your Enquiry. Our team will soon reach out to you.
If you don't hear from us within 24 hours, please feel free to send a follow-up email to info@xecurify.com
Search Results:
×Configure Okta as an IDP for Single Sign-On (SSO) login into your application. miniOrange offers a pre-built solution for integrating Okta Single Sign On (SSO), making it easy to implement. Here Okta will act as an Identity Provider (IDP) and miniOrange will act as a broker, and other multiple applications will act as Service Provider (SP). Enabling SSO for your domain within help of miniOrange allows your Users to easily and securely log in to their accounts.
Whereas, you can setup Okta as SAML IdP to Single Sign-On into apps that support protocols like OAuth, OpenID Connect, JWT, etc. Our Identity Broker service enables cross protocol authentication.
miniOrange offers free help through a consultation call with our System Engineers to configure SSO for different apps using OpenAthens as IDP in your environment with 30-day free trial.
For this, you need to just send us an email at idpsupport@xecurify.com to book a slot and we'll help you in no time.
https://<custom_domain>.xecurify.com/moas/login
Mentioned below are steps to configure Okta as IDP via SAML and OAuth configuration. Follow the steps accordingly based on your requirement (SAML or OAuth).
Follow the steps to configure Okta as SAML IdP configuration.
Single sign-on URL | ACS (Assertion Consumer Service) URL from SP-INITIATED SSO section of the miniOrange |
Audience URI (SP Entity ID) | Entity ID or Issuer from SP-INITIATED SSO section of the miniOrange |
Default RelayState (Optional) | This is the URL where you want to redirect your users after SSO. |
Name ID format | Select EmailAddress as a Name ID Format from the drop-down list |
Application username | Okta username |
Follow the steps to configure Okta as IdP by OAuth configuration.
Follow the same steps for all the attributes you want to see.
Domain Mapping | Can be used to redirect specific domain user to specific IDP |
Show IdP to Users | Enable this if you want to show this IDP to all users during Login |
Send Configured Attributes | Enabling this would allow you to add attributes to be sent from IDP | X.509 Certificate | X.509 Certificate from Okta |
IdP Name | Custom Provider (if your app name is not listed here) |
IdP Display Name | Choose appropriate Name (Like Okta) |
OAuth Authorize Endpoint | https://{yourOktaDomain}.com/oauth2/default/v1/authorize | OAuth Access Token Endpoint | https://{yourOktaDomain}.com/oauth2/default/v1/token | OAuth Get User Info Endpoint (optional) | https://{yourOktaDomain}/oauth2/default/v1/userinfo |
Client ID | Copied from above stpes |
Client secret | Copied from above stpes |
Scope | openid profile email |
If you have already configured your application in miniOrange you can skip the following steps.
Service Provider Name | Choose appropriate name according to your choice |
SP Entity ID or Issuer | Your Application Entity ID |
ACS URL X.509 Certificate (optional) | Your Application Assertion Consumer Service URL |
NameID format | Select urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress |
Response Signed | Unchecked |
Assertion Signed | Checked |
Encrypted Assertion | Unchecked |
Group policy | Default |
Login Method | Password |
Client Name | Add appropriate Name |
Redirect URL | Get the Redirect-URL from your OAuth Client |
Description | Add if required |
Group Name | Default |
Policy Name | As per your Choice |
Login Method | Password |
Note: Choose the Authorization Endpoint according to the identity source you configure.
https://{mycompany.domainname.com}/moas/idp/openidsso
https://{mycompany.domainname.com}/broker/login/oauth{customerid}
In case you are setting up SSO with Mobile Applications where you can't create an endpoint for Redirect or Callback URL, use below URL.
https://login.xecurify.com/moas/jwt/mobile
Few usecases where customers configure multiple IDPs -
For Cloud IDP - | https://login.xecurify.com/moas/discovery?customerId=<customer_id> |
For On-Premise IDP - | https://yourdomain.com/discovery?customerId=<customer_id> |
You can see the screenshot below of the IDP Selection Page with a list of IDPs.
Note: To view the IDP in drop-down list, go to Identity Providers tab > against your configured IDP > Select >Edit , here Enable the Show IdP to Users option.
You receive these error message when you try to SSO in to an application that has been set up to use Okta as External IdP using SAML-based Single Sign-On (SSO).
If you face page can’t be found issue while performing Test Connection or SSO, then you can verify the ACS/Login URL of miniOrange in your Okta.
If you face 404 Page Not Found issue while performing Test Connection or SSO, then you can verify the ACS/Login URL of Okta into the miniOrange app.
If you face an invalid certificate issue, you can check the x.509 certificate entered in the miniOrange app with the certificate of your IdP (Okta).
After SSO, if you are stuck in the login loop, then please confirm the attribute mapping.
Follow the below steps for the same:If you face the 403 App Not Assigned issue, it means you are trying to perform the SSO for that user who is not assigned to that application on your Okta side
Our Other Identity & Access Management Products