Note: You must be the Okta admin user and a Simpplr Application manager to complete these steps.
First we'll need to create the app in Okta. From your Okta instance:
In the left-hand navigation, click Applications > Applications. Now either select an existing application (if Simpplr has already been added) or create one.
To create a new application:
In the Applications page, click on Create App Integration.
Select SAML 2.0 and click on Next.
Enter the App name. This can be your intranet name, or "Simpplr". Call it anything you'd like, as long as you'll remember it. Then click Next.
Copy your Simpplr home page URL and paste it into the Single sign-on URL box in Okta. This is only a placeholder and will be changed later on. Enter placeholder data in the Audience URI field as well. Any value will work here for now, since it will also be replaced later on.
Select Email for the Application username field.
Scroll down and click on Next.
Copy the Sign on URL and Issuer, and download the signing Certificate. Paste these items somewhere you can access later on. You'll need them when connecting the app to Simpplr.
In Simpplr, from your user profile image, click Manage > Application > Security > External Idp (SSO).
Select Add, then choose Okta.
Provide the details required for SSO integration:
Name: This is the display name for the SSO integration, visible on the page. Choose a clear and descriptive name that distinguishes it from other SSO options.
Sign in text: This text displays on the login page. You can provide any custom text.
Login URL: Enter the Sign on URL received from Okta SSO SAML app.
Identity Provider (IdP) entity ID: Enter the Issuer received from Okta SSO SAML app.
Certificate: Upload the certificate received from Okta.
Select a login identifier: Select at least one login identifier that users will use to log into the Simpplr application. Choose any of the available identifiers supported by Okta.
Optionally, by switching the toggle, enable SSO Just-in-Time (JIT) provisioning if you want users to be provisioned JIT via Okta. For more information on SCIM provisioning via Okta, click here.
Click Add. The integration is complete in Simpplr. You will get the configuration details, which will be used to complete the integration in Okta.
Back in your Okta instance, from the Simpplr app you created earlier, head to Edit SAML Integration and navigate to Configure SAML.
Enter the Single sign-on URL - Copy the ‘ACS URL’ received from configuration details in Simpplr and paste it in the Sign-on URL field in Okta SAML app.
Enter the Audience URI (SP Entity ID) - Copy the ‘Service Provider entity ID’ received from configuration details in Simpplr and paste it in the Audience URI (SP Entity ID) field in Okta SAML app.
Enter the Default RelayState - Copy the ‘Relay state’ received from configuration details in Simpplr and paste it in the Default RelayState field in Okta SAML app.
Scroll down and add attribute statements. In the Attribute Statements fields, add the following mappings (these are mandatory for the integration to work).
To map in Simpplr, head to Manage > Application > Security > External (IdP) SSO. Select the three dots next to your SSO vendor (Okta in this case) and choose Field mapping.
Once finished mapping, click Next, then Finish. SAML setup is complete.
Simpplr | Okta |
first_name | user.firstName |
last_name | user.lastName |
user.email |
Optional fields are below:
Simpplr | Okta |
country | user.countryCode |
phone_number | user.primaryPhone |
mobile_number | user.mobilePhone |
title | user.title |
address1 | user.streetAddress |
city | user.city |
state | user.state |
zip_code | user.zipCode |
employee_number | user.employeeNumber |
division | user.division |
department | user.department |
manager | user.manager |
language | user.preferredLanguage |
timezone | user.timezone |
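
To confirm that the placeholder values from the first pass were actually replaced and that the mandatory attribute statements are being sent, you can inspect a base64-decoded SAML response captured from a test login. The script below is an added example, not code from Simpplr or Okta. The URLs and sample XML are constructed placeholders, the function name is hypothetical, and the check that NameID is an email address assumes the Email username setting chosen above.

```python
# Added example: compares field values only; it does NOT verify the XML signature.
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = {"first_name", "last_name"}  # mandatory names listed on this page


def check_response(xml_text, issuer, sp_entity_id, acs_url):
    """Return a list of problems; an empty list means the fields line up."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no unencrypted Assertion element found"]
    problems = []
    got_issuer = assertion.findtext("a:Issuer", "", NS).strip()
    if got_issuer != issuer:
        problems.append(f"Issuer {got_issuer!r} != configured IdP entity ID")
    audiences = {e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text}
    if sp_entity_id not in audiences:
        problems.append(f"Audience {sorted(audiences)} lacks SP entity ID")
    scd = assertion.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the ACS URL")
    name_id = assertion.findtext(".//a:NameID", "", NS).strip()
    if "@" not in name_id:  # assumption: Application username is set to Email
        problems.append(f"NameID {name_id!r} is not an email address")
    names = {a.get("Name") for a in assertion.iterfind(".//a:Attribute", NS)}
    for missing in sorted(REQUIRED_ATTRS - names):
        problems.append(f"missing attribute statement {missing}")
    return problems


# Constructed sample (placeholder URLs, not real Okta or Simpplr values).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"><a:Assertion>
<a:Issuer>http://idp.example/issuer</a:Issuer>
<a:Subject><a:NameID>ana@example.com</a:NameID><a:SubjectConfirmation>
<a:SubjectConfirmationData Recipient="https://sp.example/acs"/>
</a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>placeholder-audience</a:Audience>
</a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="first_name"/></a:AttributeStatement>
</a:Assertion></p:Response>"""

if __name__ == "__main__":
    for p in check_response(SAMPLE, "http://idp.example/issuer",
                            "https://sp.example/entity", "https://sp.example/acs"):
        print("FAIL:", p)
```

The sample deliberately still carries the placeholder Audience URI and omits last_name, so the script reports both.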