OKTA SSO Configuration

The integration has two steps, one on the OKTA side and one on the Datarails side.

Step 1 - Datarails

Enforce Login Authorization Method

Admins can define the login authorization method for their organization.

  1. From the Home page, navigate to the left-side panel and click Admin.
  2. From there, click Organizations.
  3. On the page that opens, find your organization (there may be only one) and click the three-dot (ellipsis) menu.
  4. From the dropdown, choose Enforce Auth Method For Admins.
  5. Select the option necessary for your organization.
  6. Click Save.
  7. Click the three dots on the right of the organization, and select Edit SAML Configurations.
  8. Enter the information from the OKTA site in the following screen:

Name: okta

IDP SSO URL: Sign into the Okta Admin Dashboard to generate this variable.

IDP Issue (entityID): Sign into the Okta Admin Dashboard to generate this variable.

Certificate: Sign into the Okta Admin Dashboard to generate this variable (paste it without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines).

Click Save.

To get this information, follow Step 2 of the setup.

 

Step 2 - OKTA

 

You can choose one of the following methods: 

  • Use the DataRails public app (recommended).
  • Or create a custom DataRails app.

Public app

Go to the Okta Administrator Dashboard to add the public DataRails application, then view the specific values for your organization. You will need to save these values for step 2.

In the classic admin UI, go to the DataRails application -> Sign On -> View Setup Instructions.

Custom app

If you want to create a custom app and not use the public app, you can configure it with the following params:

Single Sign On URL: https://app.datarails.com/oktasso/?acs

Recipient URL: https://app.datarails.com/oktasso/?acs

Destination URL: https://app.datarails.com/oktasso/?acs

Audience Restriction: https://app.datarails.com/oktasso/metadata

Default Relay State:

Name ID Format: EmailAddress

Response: Signed

Assertion Signature: Signed

Signature Algorithm: RSA_SHA256

Digest Algorithm: SHA256

Assertion Encryption: Unencrypted

SAML Single Logout: Disabled

authnContextClassRef: PasswordProtectedTransport

Honor Force Authentication: Yes

SAML Issuer ID: http://www.okta.com/${org.externalKey}

ATTRIBUTE STATEMENTS

Name         Name Format    Value
Email        Unspecified    user.email
Username     Unspecified    user.username
firstName    Unspecified    user.firstName
lastName     Unspecified    user.lastName
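
A check that can be run on the decoded SAMLResponse from a test login to confirm the custom app matches the parameters listed above. This is an added example, not Datarails or Okta code: lint_response, sample, CHECKS and the sample response are illustrative names and constructed data, and the URNs are the standard SAML and XML-DSig identifiers for the short names in the list. It compares settings only and does not verify signatures.

```python
# Added example (not Datarails or Okta code); names and sample data are hypothetical.
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://app.datarails.com/oktasso/?acs"
AUD = "https://app.datarails.com/oktasso/metadata"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
SUBJ, SIG = "a:Assertion/a:Subject/", "a:Assertion/ds:Signature/ds:SignedInfo/"
# (setting name, path from <Response>, attribute or None for element text, expected value)
CHECKS = [
    ("Destination URL", ".", "Destination", ACS),
    ("Recipient URL", SUBJ + "a:SubjectConfirmation/a:SubjectConfirmationData", "Recipient", ACS),
    ("Audience Restriction", "a:Assertion/a:Conditions/a:AudienceRestriction/a:Audience", None, AUD),
    ("Name ID Format", SUBJ + "a:NameID", "Format", EMAIL),
    ("Signature Algorithm", SIG + "ds:SignatureMethod", "Algorithm", RSA_SHA256),
    ("Digest Algorithm", SIG + "ds:Reference/ds:DigestMethod", "Algorithm", SHA256),
]
SIGNED = [("Response", "ds:Signature"), ("Assertion Signature", "a:Assertion/ds:Signature")]

def lint_response(xml_text):
    """Return the settings the response does not match. Signatures are NOT verified here."""
    root = ET.fromstring(xml_text)
    bad = []
    for name, path, attr, want in CHECKS:
        el = root.find(path, NS)
        got = None if el is None else (el.get(attr) if attr else (el.text or "").strip())
        if got != want:
            bad.append(name)
    bad += [name for name, path in SIGNED if root.find(path, NS) is None]
    if root.find("a:EncryptedAssertion", NS) is not None:
        bad.append("Assertion Encryption")  # the page expects Unencrypted
    return bad

# Constructed sample response, trimmed to the checked elements; it carries no real signature data.
TEMPLATE = (
    '<p:Response xmlns:p="{p}" xmlns:a="{a}" xmlns:ds="{ds}" Destination="{acs}"><ds:Signature/>'
    '<a:Assertion><ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig}"/>'
    '<ds:Reference><ds:DigestMethod Algorithm="{dig}"/></ds:Reference></ds:SignedInfo></ds:Signature>'
    '<a:Subject><a:NameID Format="{fmt}">user@example.com</a:NameID><a:SubjectConfirmation>'
    '<a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation></a:Subject>'
    '<a:Conditions><a:AudienceRestriction><a:Audience>{aud}</a:Audience></a:AudienceRestriction>'
    '</a:Conditions></a:Assertion></p:Response>')

def sample(aud=AUD, sig=RSA_SHA256):  # override aud or sig to simulate a misconfigured app
    return TEMPLATE.format(acs=ACS, aud=aud, sig=sig, dig=SHA256, fmt=EMAIL, **NS)
```

An empty list from lint_response(sample()) means every checked setting matches; a response signed with RSA-SHA1, for instance, is reported as "Signature Algorithm".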



