Okta as SAML Identity Provider

1. Set up App Integration in Okta

1.1. Prerequisites

  1. Log in to your Turbomechanica account with the user email provided by Mechademy.

  2. On the Turbomechanica dashboard, in the left panel click the Settings icon > Integrations, then click the info icon in the top right corner and select Okta SAML as the integration type.

  3. Note the Single Sign-On URL (the callback URL to which Okta will send its SAML response) and the Audience URI (SP Entity ID); both are used in the next section to create the app integration.

1.2. Create App Integration

  1. Log in to the Okta Developer Console and open the Okta Admin Dashboard.

  2. Go to Applications > Applications > Create App Integration and choose SAML 2.0 from the options.

  3. Click Next.

  4. Provide the general information for the integration and then click Next.

  5. Provide the necessary SAML settings information for your integration. (See Application Integration Wizard SAML field reference for descriptions of individual fields.)

  • Configure the following settings:

  Setting                      Description                                        Example
  Single Sign-On URL           The value noted in 1.1 Prerequisites above.        https://{yourAuthDomain}/login/callback?connection={yourAuthConnectionName}
  Audience URI (SP Entity ID)  The value noted in 1.1 Prerequisites above.        urn:auth0:{yourAuthTenantName}:{yourAuthConnectionName}

  Select Use this for Recipient URL and Destination URL.

  6. In the Attribute Statements section, add the following attributes:

  Name        Name format    Value
  firstName   Unspecified    user.firstName
  lastName    Unspecified    user.lastName
  email       Unspecified    user.email

  7. Optional. Click <> Preview the SAML Assertion to view the XML generated from the SAML settings that you provided.

  8. Click Next.

  9. Provide configuration information about your app integration to Okta:

  • Select I'm an Okta customer adding an internal app.
  • Select This is an internal app that we have created.

  10. Click Finish. Your integration is now created in your Okta account.

  11. After you create your SAML app integration, the SAML Signing Certificates section appears on the Sign On tab.

  12. On the Sign On tab, in the SAML 2.0 section, click More details and note the Identity Provider Single Sign-On URL; click Download to obtain a copy of the currently active X.509 certificate. Okta signs its SAML assertions with this certificate, so if the certificate is later rotated in Okta, the copy stored in Turbomechanica must be updated or sign-ins will fail.

2. Set up SAML Integration in Turbomechanica

  1. Log in to your Turbomechanica account with the user email provided by Mechademy.

  2. On the Turbomechanica dashboard, in the left panel click the Settings icon > Integrations, then click Add Integration in the top right corner.

  3. Follow the steps and provide the following mandatory configuration settings for this connection:

  Field                      Description
  Integration Name           A name for the integration.
  Sign In URL                The Identity Provider Single Sign-On URL noted in step 12 of 1.2 Create App Integration above.
  X509 Signing Certificate   The X.509 certificate downloaded in step 12 of 1.2 Create App Integration above.
  Domain Aliases             Your company's email domain (the part after the @ in your users' email addresses). The domain of the email address a user signs in with is compared to this value; if it matches, the user is redirected to the identity provider.

  4. Click Save. Your integration is complete. Well done!
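The two things the tables above configure on the Turbomechanica side are the Domain Aliases routing (which email domains are sent to Okta) and, implicitly, what the service provider must check when Okta's assertion comes back: that the Audience matches the SP Entity ID, that the Recipient matches the callback URL from 1.1, that the assertion answers the request that was actually sent, that it is within its validity window, and that the three attribute statements from 1.2 are present. The following Python is an added illustration of those checks and is not Turbomechanica, Mechademy or Okta code. It assumes that the XML signature has already been verified against the X.509 certificate downloaded in step 12 of 1.2 (that step needs an XML-DSig library such as python3-saml and is not shown), and the entity ID, callback URL, domain alias and sample assertion are constructed placeholders in the same shape as the page's tables. It also adds one check the page does not mention: the asserted email must fall inside the configured Domain Aliases, so that one Okta tenant cannot assert identities for another company's domain.

```python
"""SP-side checks for the Okta SAML integration described above.
Added example; not Turbomechanica, Mechademy or Okta code.
Assumes the assertion's XML signature was already verified against the
downloaded X.509 certificate by a SAML library; that step is not shown."""
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
}

# Constructed placeholders in the shape of the page's tables (not real values).
SP_ENTITY_ID = "urn:auth0:example-tenant:okta-saml"          # Audience URI (SP Entity ID)
ACS_URL = "https://example-tenant.auth0.com/login/callback?connection=okta-saml"  # Single Sign-On URL
DOMAIN_ALIASES = {"example.com"}                             # Domain Aliases field

# A constructed, already-signature-verified assertion with the three
# attribute statements from section 1.2. Not a capture from Okta.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
  <saml:Issuer>http://www.okta.com/exk0000000000000000</saml:Issuer>
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jane@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T12:05:00Z" Recipient="{ACS_URL}" InResponseTo="_req1"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
    <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def domain_of(email):
    """Lower-cased domain part of an email address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    return domain.lower() if sep and local and domain else None


def should_redirect_to_idp(email):
    """Domain Aliases routing: exact domain match only, so sub-domains and
    look-alikes such as 'example.com.evil.net' are not sent to this IdP."""
    return domain_of(email) in DOMAIN_ALIASES


def _ts(value):
    """Parse a SAML UTC timestamp (with or without fractional seconds)."""
    return None if value is None else datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion(xml_text, expected_in_response_to, now=None, skew=timedelta(minutes=3)):
    """Bind a (signature-verified) assertion to this SP and this login, then
    return the attribute statements. Raises ValueError on any mismatch."""
    now = _ts(now) if isinstance(now, str) else (now or datetime.now(timezone.utc))
    root = ET.fromstring(xml_text)
    assertion = root if root.tag == f"{{{NS['saml']}}}Assertion" else root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no Assertion element")

    cond = assertion.find("saml:Conditions", NS)
    audiences = {a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)}
    if SP_ENTITY_ID not in audiences:
        raise ValueError(f"audience mismatch: {audiences}")
    not_before, not_on_or_after = _ts(cond.get("NotBefore")), _ts(cond.get("NotOnOrAfter"))
    if not_before and now + skew < not_before:
        raise ValueError("assertion not yet valid")
    if not_on_or_after and now - skew >= not_on_or_after:
        raise ValueError("assertion expired")

    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        raise ValueError("Recipient does not match our callback URL")
    if scd.get("InResponseTo") != expected_in_response_to:
        raise ValueError("InResponseTo does not match the AuthnRequest we sent")

    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values[0] if len(values) == 1 else values
    for required in ("firstName", "lastName", "email"):
        if required not in attrs:
            raise ValueError(f"missing attribute {required}")
    # Extra check beyond what the page describes: the asserted email must sit
    # inside the configured Domain Aliases, so this IdP cannot assert other domains.
    if domain_of(attrs["email"]) not in DOMAIN_ALIASES:
        raise ValueError("asserted email is outside the configured Domain Aliases")
    return attrs


if __name__ == "__main__":
    if should_redirect_to_idp("jane@example.com"):
        print(check_assertion(SAMPLE_ASSERTION, "_req1", now="2024-05-01T12:00:00Z"))
```

The `InResponseTo` check is what ties the assertion to the AuthnRequest the SP generated for this browser session; an SP that accepts unsolicited assertions has to handle IdP-initiated flows separately and with more care.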

3. Test the Integration

  1. To test the user login process, create a test user in your Okta account whose email uses your company's domain (the email domain must match the value added in Domain Aliases in the previous section):
  • Log in to the Okta Developer Console and open the Okta Admin Dashboard.
  • Go to Directory > People.
  • Click the Add Person button.
  • Fill in the user details.
  • Activate the user.

  2. Assign the test user to the newly created app so that they are permitted to access it.

  3. Go to your Turbomechanica domain and sign in with the test user's email address. Because the email domain matches a Domain Alias, you are redirected to the Okta SSO page, where you log in with the test user's Okta credentials.

Note: If you are not redirected, check that the email address domain matches the Domain Aliases value added in the previous steps.

4. Assign Users to App

  1. Log in to the Okta Developer Console and open the Okta Admin Dashboard.

  2. Go to Applications > Applications and click Assign Users to App.

  3. Select the app created in the above steps and assign it to people or groups.

  4. Click Next and Confirm Assignments.

Request Template (the SAML AuthnRequest sent to Okta when a user is redirected; the @@...@@ placeholders are filled in at request time)

<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
@@AssertServiceURLAndDestination@@
    ID="@@ID@@"
    IssueInstant="@@IssueInstant@@"
    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">
    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>
</samlp:AuthnRequest>
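To make the template concrete, the following Python is an added example (not Turbomechanica, Mechademy or Okta code) that fills the placeholders and packages the result for the SAML HTTP-Redirect binding, which is what produces the redirect to the Okta SSO page described in section 3. It assumes that @@AssertServiceURLAndDestination@@ expands to the `AssertionConsumerServiceURL` and `Destination` attributes, that the Issuer is the Audience URI (SP Entity ID) from 1.1, that the Destination is the Identity Provider Single Sign-On URL from step 12 of 1.2, and that the response should come back via HTTP-POST; the URLs and names are constructed placeholders in the shape of the page's tables.

```python
"""Fill the page's AuthnRequest template and encode it for the SAML
HTTP-Redirect binding. Added example; not Turbomechanica, Mechademy or
Okta code. The expansion of @@AssertServiceURLAndDestination@@ and all
URLs below are assumptions / constructed placeholders."""
import base64
import secrets
import zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

# The template exactly as shown on the page.
TEMPLATE = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"\n'
    '@@AssertServiceURLAndDestination@@\n'
    '    ID="@@ID@@"\n'
    '    IssueInstant="@@IssueInstant@@"\n'
    '    ProtocolBinding="@@ProtocolBinding@@" Version="2.0">\n'
    '    <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">@@Issuer@@</saml:Issuer>\n'
    '</samlp:AuthnRequest>'
)

# Constructed placeholders (same shape as the page's tables, not real values).
ACS_URL = "https://example-tenant.auth0.com/login/callback?connection=okta-saml"  # Single Sign-On URL (1.1)
SP_ENTITY_ID = "urn:auth0:example-tenant:okta-saml"                               # Audience URI (1.1)
IDP_SSO_URL = "https://example.okta.com/app/example_app/exk0000000000000000/sso/saml"  # from step 12 of 1.2
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"  # how Okta returns the response


def xml_escape(value):
    """Escape text for use inside XML attribute values or element content."""
    return (value.replace("&", "&amp;").replace("<", "&lt;")
                 .replace(">", "&gt;").replace('"', "&quot;"))


def build_authn_request(request_id=None, issue_instant=None):
    """Fill every @@placeholder@@. The ID is random and prefixed with '_'
    because an xsd:ID may not start with a digit; the SP must remember it
    to compare against InResponseTo in the assertion that comes back."""
    request_id = request_id or "_" + secrets.token_hex(16)
    issue_instant = issue_instant or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    # Assumed expansion of @@AssertServiceURLAndDestination@@: where Okta
    # should post the response, and which IdP endpoint the request targets.
    acs_and_dest = (f'    AssertionConsumerServiceURL="{xml_escape(ACS_URL)}"\n'
                    f'    Destination="{xml_escape(IDP_SSO_URL)}"')
    return (TEMPLATE
            .replace("@@AssertServiceURLAndDestination@@", acs_and_dest)
            .replace("@@ID@@", request_id)
            .replace("@@IssueInstant@@", issue_instant)
            .replace("@@ProtocolBinding@@", HTTP_POST)
            .replace("@@Issuer@@", xml_escape(SP_ENTITY_ID)))


def redirect_url(authn_request, relay_state=""):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, then
    URL-encode into the SAMLRequest query parameter of the IdP SSO URL."""
    compressor = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw deflate
    deflated = compressor.compress(authn_request.encode("utf-8")) + compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    separator = "&" if "?" in IDP_SSO_URL else "?"
    return IDP_SSO_URL + separator + urlencode(params)


def decode_saml_request(url):
    """Inverse of redirect_url: what the IdP (or a tester) does to read it."""
    query = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompress(raw, -15).decode("utf-8")


if __name__ == "__main__":
    request = build_authn_request()
    print(request)
    print(redirect_url(request, relay_state="/dashboard"))
```

Because the redirect binding carries the request in the query string, anything sensitive belongs in RelayState only as an opaque reference, never as data; and the request ID must be stored server-side so the matching assertion can be tied back to it.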

IdP-initiated SSO

Reference: Configure Okta as SAML Identity Provider