Learn how to configure Spekit and Okta for SAML and SCIM 2.0.
How to connect Okta SSO (SAML) to Spekit
This is for new and existing Spekit customers looking to connect SSO/SCIM.
Section Overview:
- Login to Spekit
- Select or Create your Application
- SAML Application Setup
- Configure SAML Application
- Submit Application Feedback
- Add Users to SAML Application
- Enter Setup Instructions
- Obtain Identity Provider Details
- Upload Certificate
Login Steps
1.) Log in to Okta.
2.) Go to the admin dashboard.
3.) Select Applications in the navigation bar.
Note: These Okta screenshots reflect the new Okta Admin UI. Okta planned to deprecate the Classic UI in October 2021.
Select or Create your Application
1.) Select or create your application.
2.) Choose which path applies to you:
- If your application is already created, select it from the list of applications and move to setup instructions.
- If you haven't created a SAML application in Okta, select ‘Create App Integration’.
Initial SAML Application Setup
1.) Select the Create New App button.
2.) Select SAML 2.0 as a Sign on method.
3.) Click the Next button.
4.) Enter a descriptive App name.
5.) Click the Next button.
Configure SAML Application
1.) Input the ACS URL from the WorkOS page as the ‘Single sign-on URL’ AND the ‘Audience URI (SP Entity ID).’
2.) Scroll down to the Attribute Statements section.
3.) Use the Add Another button to add the following key-value pairs.
- id -> user.id
- email -> user.email
- firstName -> user.firstName
- lastName -> user.lastName
4.) Click the Next button.
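As an added example (not from Spekit, WorkOS or Okta), this Python check takes a base64-decoded SAMLResponse captured during a test login and confirms that the Destination and Audience equal the ACS URL and that the four attribute statements above arrive non-empty. The function name, the sample response and the placeholder ACS URL are constructed for illustration, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("id", "email", "firstName", "lastName")  # names from the steps above

def check_response(xml_text, acs_url):
    """Return configuration problems in a decoded SAMLResponse (no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    # By default Okta emits the 'Single sign-on URL' as the Response Destination.
    if root.get("Destination") != acs_url:
        problems.append("Destination != ACS URL")
    # 'Audience URI (SP Entity ID)' is emitted as the Audience restriction.
    audiences = [a.text for a in
                 root.iterfind(".//saml:AudienceRestriction/saml:Audience", NS)]
    if acs_url not in audiences:
        problems.append("Audience != ACS URL")
    # Collect attribute statements as name -> first value (empty if absent).
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in REQUIRED:
        if not attrs.get(name):
            problems.append(f"missing attribute: {name}")
    return problems

# Constructed sample: placeholder ACS URL, lastName mapping deliberately left out.
SAMPLE_ACS = "https://sp.example.test/sso/acs/PLACEHOLDER"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    Destination="{SAMPLE_ACS}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SAMPLE_ACS}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="id"><saml:AttributeValue>00uEXAMPLE</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="email"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for problem in check_response(SAMPLE_RESPONSE, SAMPLE_ACS) or ["configuration looks consistent"]:
        print(problem)
```

Run it against a response from a test user only, since a real SAMLResponse contains personal data and is a live credential until it expires.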
Submit Application Feedback
1.) Select I'm an Okta customer adding an internal app from the options menu.
2.) Complete the form with any comments.
3.) Click the Finish button.
Add Users to SAML Application
To permit users to authenticate via this SAML app, you must assign individual users and/or groups of users to the Okta SAML app.
1.) Click the Assignments tab.
2.) Select either Assign to People or Assign to Groups.
3.) Find the individual user(s) and/or group(s) you would like to assign to the app.
4.) Click Assign next to them.
5.) Click the Done button.
Enter Setup Instructions
1.) Select Sign On from the application tabs.
2.) Click View Setup Instructions in Sign On.
Obtain Identity Provider Details
1.) Copy and paste the ‘Identity Provider Single Sign-On URL’ into the IDP SSO URL field.
2.) Copy and paste the ‘Identity Provider Issuer’ into the IDP URI (Entity ID) field.
3.) Select Download certificate to obtain the X.509 Certificate.
4.) Save it to your preferred directory.
Upload Certificate
1.) Upload the X.509 Certificate in your WorkOS Connection Settings. You may need to rename the downloaded X.509 certificate from okta.cert to okta.cer first. Your Connection will be verified, and you will be good to go!
How to connect Okta (SCIM 2.0) to Spekit
This is for new and existing Spekit customers looking to connect SSO/SCIM 2.0. If you have not completed the Okta SSO (SAML) to Spekit configuration, complete it before proceeding.
The SSO (SAML) portion must be done before the SCIM portion!
Login Steps
1.) Log in to Okta.
2.) Go to the admin dashboard.
3.) Select Applications in the navigation bar.
4.) Select Browse App Catalog.
5.) Search for SCIM 2.0 Test App (OAuth Bearer Token).
6.) Click the result that matches under the INTEGRATIONS header below the search.
Sign-On Options
1.) Click the Sign-On Options tab.
2.) Make sure SAML 2.0 is selected.
3.) Make sure a check is in the box next to Never prompt the user to re-authenticate.
4.) Scroll down the page, and click Done.
Provisioning | Enable API Integration
1.) Click the Provisioning tab.
2.) Add a check to the box next to Enable API Integration. Refer to the WorkOS documentation.
3.) Look for and copy the SCIM 2.0 Base Url provided and paste it into the corresponding field.
4.) Look for and copy the OAuth Bearer Token and paste it into the corresponding field.
5.) Click Test API Credentials.
Look for the notification reporting the result of the test.
You should see: SCIM 2.0 Test App (OAuth Bearer Token) Was verified successfully!
6.) Click Save.
Provisioning to App
1.) Click the Provisioning tab.
2.) Click Edit.
3.) Add a check in the box next to Enable for:
- Create Users
- Update User Attributes
- Deactivate Users
4.) Click Save.
Assignments | Assign to People
1.) Click the Assignments tab.
2.) Click People.
3.) Click the Assign drop-down.
4.) Click Assign to People.
Locate the person you want to add.
5.) Click Assign on the same row as their name.
The pop-up will open to all of the user's information. Scroll down to the bottom of the page.
6.) Click Save and Go Back. Repeat this process for each user you want to add.
7.) When you have assigned all users, click Done.
You will see a confirmation message: # of people assigned successfully.
Push Groups
1.) Click the Push Groups tab.
2.) Click the blue drop-down Push Groups.
3.) In the drop-down, click Find groups by name.
4.) Click the field to search for a group you previously created.
5.) Click the name of the group in the drop-down.
Example: Account Executives.
You will now see the group you clicked on under the Group header.
6.) Scroll down the page, and click Save.
7.) Click the blue i icon to push the group you just added.
You will receive a message: Directory Sync Configuration Complete.
8.) Click the blue View Directory button.
The Spekit Web App Connect page will now show Successfully Connected for SSO/SCIM.
The Okta Applications page for Active App Integrations will show SAML and SCIM for Spekit.