Okta - SAML - Configuration

Required User Credentials

Important Note

Overview

This article explains how to integrate an Okta identity provider with Flosum Cloud Apps using SAML authentication to enable Single Sign-On (SSO), allowing users to access the platform seamlessly with their existing credentials.

For more general instructions about adding an Identity Provider, see the following article.

Customer-Hosted

Configure Okta

1. Create Application

  1. Log in to the Okta Admin Console.

  2. Navigate to Applications.

  3. Click Create App Integration.

  4. Select SAML 2.0 as the Sign-in method.

  5. Click Next.

  6. Enter an App name.

  7. Click Next.

2. Configure SAML Settings

  1. Click the Single sign-on URL textbox and enter the SAML URL for your region from the table below.

| Region | SAML URL |
| --- | --- |
| United States | https://global-us.flosum.app/api/v1/saml/acs |
| Germany | https://global-de.flosum.app/api/v1/saml/acs |
| Japan | https://global-jp.flosum.app/api/v1/saml/acs |
| Australia | https://global-au.flosum.app/api/v1/saml/acs |

  2. Click Audience URI (SP Entity ID) and enter a unique identifier for this SSO configuration. This can be any unique string value.

  3. Click Add identifier and enter a unique identifier for this SSO configuration. This can be any unique string value.

  4. Click Show Advanced Settings.

  5. Click Response and select Signed.

  6. Click Assertion Signature and select Signed.

  7. (Optional) The Assertion Encryption (optional) setting isn't required to work with Flosum SSO. Configure it only if required by your security or compliance policies.

    1. If required, you will need a public certificate and private key pair.

    2. Upload the public certificate to the Encryption Certificate.

  8. (Optional) The Signed Requests (optional) setting isn't required to work with Flosum SSO. Configure it only if your security or compliance policies require signed authentication requests (AuthnRequest).

    1. If required, you will need a public certificate and private key pair.

    2. Enable Signed Requests.

    3. Upload the public certificate to the Signature Certificate.

  9. Click Next.

  10. Click Finish.

3. Configure Attribute Statements

  1. Open the Sign On tab.

  2. Scroll down to Attribute Statements.

  3. Click Show legacy configuration.

  4. Click Edit under Profile attribute statements.

  5. Add the following attribute statements.

| Name | Source attribute |
| --- | --- |
| firstName | user.firstName |
| lastName | user.lastName |
| email | user.email |
| uniqueUserId | device.trusted |

The uniqueUserId claim can be mapped to any user attribute that is both unique and constant.

4. Assign Users

  1. Open the Assignments tab.

  2. Click Assign → Assign to People.

  3. Assign the application to the required users.

  4. Click Save and Go Back.

  5. Click Done.

5. Create Identity Provider in Global Settings

Follow the general instructions in the article below to get started creating a SAML Identity Provider.

  1. Complete the Basic information section.

    1. Select OPEN_ID for the identity provider Type.

  2. Complete the Button information section.

  3. (Optional) Complete the Group information section.

Complete SAML 2.0 Information Fields

Copy the information from your Okta application into the SAML 2.0 Information section. The first two screenshots below show which Okta application fields to copy. The table explains where to enter this information. The final screenshot shows a completed identity provider for an Okta SAML application.

| Flosum Field | Okta Field | Instructions |
| --- | --- | --- |
| Issuer | General Tab → SAML Settings → Audience Restriction | |
| Entity ID | Sign On Tab → Settings → More details → Issuer | Click the Copy icon to copy this link. |
| Identity Provider Sign Certificate | Sign On Tab → Settings → More details → Signing Certificate | Click Download to download the certificate. Once downloaded, click Identity Provider Sign Certificate and upload it. |
| Name ID format | | Leave blank |
| Identity Provider Login URL | Sign On Tab → Settings → More details → Sign on URL | Click the Copy icon to copy this link. |

SAML Signed Request Enabled

If General Tab → SAML Settings → SAML Signed Request is Enabled:

  1. Check the SAML Signed Request Enabled checkbox.

  2. Complete the fields in the table below.

| Flosum Field | Value |
| --- | --- |
| Auth Sign Certificate | Click to upload the public certificate that corresponds to the verification certificate. |
| Auth Private Key | Click to upload the private key that matches the public certificate. |
| Auth Private Key Password | Enter the passphrase for the private key if encrypted. |
| Auth Sign Algorithm | Leave blank (or specify if required). |

Assertion Encryption Enabled

If General Tab → SAML Settings → Assertion Encryption is Encrypted:

  1. Check the Assertion Encryption Enabled checkbox.

  2. Complete the fields in the table below.

| Field | Description |
| --- | --- |
| Encryption Certificate | Click to upload the public certificate that is used for assertion encryption. |
| Encryption Private Key | Click to upload the private key that pairs with the public certificate. |
| Encryption Private Key Password | Enter the passphrase for the private key if encrypted. |

6. Save and Test

For instructions on logging in with SSO, see the following article.

  1. Click Save to save the identity provider.

  2. To test, open an incognito window.

  3. Start logging in to Global Settings with your tenant name.

  4. If the identity provider was configured successfully, you should see the SSO button you created.
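When a test login fails, a decoded SAML Response captured from the browser can be checked against the settings chosen above. The following is an added example, not part of the Flosum or Okta documentation: `check_response`, the Audience URI `example-flosum-sso` and the sample response are constructed for illustration, and the check confirms only that signatures are present, not that they are cryptographically valid.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Regional ACS URLs from the table in step 2 of this page.
ACS_URLS = {f"https://global-{r}.flosum.app/api/v1/saml/acs"
            for r in ("us", "de", "jp", "au")}
REQUIRED_ATTRS = ("email", "firstName", "lastName", "uniqueUserId")

def check_response(xml_text, expected_audience):
    """List configuration problems in a base64-decoded SAML Response."""
    problems = []
    resp = ET.fromstring(xml_text)
    if resp.get("Destination") not in ACS_URLS:
        problems.append("Destination is not a regional ACS URL")
    # Direct children only, so the assertion's signature cannot stand in for
    # the response's. Presence check, not cryptographic verification.
    if resp.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:  # encrypted (EncryptedAssertion) or absent
        return problems + ["no plaintext Assertion to inspect"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    audiences = {(a.text or "").strip()
                 for a in assertion.iterfind(".//saml:Audience", NS)}
    if expected_audience not in audiences:
        problems.append("Audience does not match")
    values = {a.get("Name"): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
              for a in assertion.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        if not values.get(name):
            problems.append(f"attribute {name} missing or empty")
    return problems

# Constructed sample, not a real capture; signature contents are elided.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://global-us.flosum.app/api/v1/saml/acs">
<ds:Signature/>
<saml:Assertion><ds:Signature/>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>example-flosum-sso</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement>
<saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="email"><saml:AttributeValue>ada@example.com</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
if __name__ == "__main__":
    print(check_response(SAMPLE, "example-flosum-sso"))
```

The sample omits `lastName` and `uniqueUserId`, so both are reported; an empty list means the response matches the settings from steps 2 and 3.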
