You can connect Paligo to Okta for single sign on (SSO). This is only available on the Enterprise plan.
To use Okta with Paligo, you need to set up Okta to provide metadata to Paligo. The metadata includes the name of the user, the user's email address, and the user group that the user belongs to.
Note
The metadata describing the user group is not part of the standard metadata. You must add this metadata to the SAML response.
To be able to Connect Paligo to your SSO Service you need to set up Okta to integrate with Paligo.
The first stage of setting up Okta to communicate with Paligo is to create a new application connector.
In Okta:
- Locate your applications and select Add application and then Create New App.
- Apply the following settings for your new application:
  - Platform - set to Web
  - Sign on method - set to SAML 2.0
- Select Create.
- In the General settings, enter Paligo as the App name and then select Next.
- Define the SAML settings.
  In the General section, enter the following (replace my.paligoapp.com with your Paligo instance name, for example: acme.paligoapp.com).

  | Setting | Value |
  | --- | --- |
  | Single sign on URL | https://my.paligoapp.com/saml/acs |
  | Audience URL | https://my.paligoapp.com/saml/metadata |
  | Default RelayState | https://my.paligoapp.com |
  | Application username | Choose email |
- In the Attribute statements section, add the following attributes:

  | Name | Name format | Value |
  | --- | --- | --- |
  | user.firstname | Basic | user.firstName |
  | user.lastname | Basic | user.lastName |
  | user.email | Basic | user.email |
  | paligo.usergroup | Basic | appuser.paligo_usergroup |
- Double-check that your attribute statements are exactly as described in the previous step. Look out for typing mistakes as any errors may prevent the connector from working.
- Select Next.
The next stage in Okta is to Add the User Group to the Okta SAML Response.
You need to add the Paligo user group information to the Okta SAML assertion details. This is because the user group is required for users signing in to Paligo, but it is not included in the default Okta metadata.
In Okta:
- Select Directory and then Profile Editor.
- Select the Profile button for the Paligo app.
- Select Add attribute and enter the details for the Paligo user group.

  | Setting | Value |
  | --- | --- |
  | Display name | Paligo user group |
  | Variable name | paligo_usergroup |
  | Description | Optional. You can leave this blank or add a description to explain the purpose of the user group attribute. |
  | Data type | string |
  | Attribute length | Between. You do not need to define a min and max value, leave those fields empty. |
  | Attribute required | Check Yes. |
  | Scope | Check the User personal box if you want to assign the user group attribute (for Paligo) to user accounts individually. If you clear the User personal box, the user group attribute (for Paligo) will apply to all user accounts in the Okta user group. Please refer to Okta documentation for more information. |

- Check that you have entered the correct details for the Paligo user group. Look out for typing mistakes as they could prevent the login from working as expected.
- Save the attribute.
Next: Assign the Users to Paligo.
Assign both of the following to each user that is going to use Okta to sign in to Paligo:
- Paligo application
- Paligo user group
In Okta:
- Select Directory and then People.
- Select a user account.
- On the Applications tab, select Assign Applications.
- Select Assign for the Paligo application.
- In the Paligo user group field, enter the appropriate syntax for the user's role in Paligo. The following table shows the possible values you can use:
- Save the user.
- Repeat this process for each user account that is going to have access to Paligo via Okta.
- Check your users to make sure that you have entered the correct syntax. Look out for typing mistakes as any errors could prevent the logins from working.
Next: Get the Metadata from Okta.
Use Okta to get the metadata file that is needed for the connection.
In Okta:
- Select Applications and then Applications.
- Select Sign On.
- Right-click on the Identity Provider Metadata link and choose to save the link as a file. Give the file a name and an .xml extension, for example, metadata.xml. You will need this XML when you set up the Paligo connection.
You have now completed the configuration that is needed in Okta. The next step is to Connect Paligo to your SSO Service.
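One way to verify the attribute statements and Audience URL configured above is to check a decoded SAML assertion from a test login. This is an added example, not code from Paligo or Okta; the function names, the sample assertion, and the PLACEHOLDER_GROUP value are constructed for illustration, and it assumes Okta's Basic name format appears as the standard SAML 2.0 basic NameFormat URI.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
# Attribute names from the Attribute statements table on this page.
REQUIRED = ("user.firstname", "user.lastname", "user.email", "paligo.usergroup")

def check_assertion(xml_text, instance):
    """Return a list of problems in a decoded SAML assertion (empty list = OK)."""
    root = ET.fromstring(xml_text)  # only parse XML captured from your own Okta tenant
    problems = []
    audience = (root.findtext(".//saml:Audience", "", NS) or "").strip()
    if audience != f"https://{instance}/saml/metadata":
        problems.append(f"unexpected Audience: {audience!r}")
    found = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        found[attr.get("Name", "")] = (attr.get("NameFormat"), values)
    for name in REQUIRED:
        if name not in found:
            near = [n for n in found if n.lower() == name]
            hint = f" (found {near[0]!r}; check spelling and case)" if near else ""
            problems.append(f"missing attribute {name}{hint}")
            continue
        name_format, values = found[name]
        if name_format != BASIC:
            problems.append(f"{name}: NameFormat is not Basic")
        if not any(values):
            problems.append(f"{name}: empty value")
    return problems

def build_sample(attributes, audience="https://acme.paligoapp.com/saml/metadata"):
    """Constructed assertion fragment for the demo; not real Okta output."""
    rows = "".join(
        f'<saml:Attribute Name="{n}" NameFormat="{BASIC}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, v in attributes.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Conditions>'
            f"<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
            f"</saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{rows}</saml:AttributeStatement></saml:Assertion>")

GOOD = build_sample({"user.firstname": "Ada", "user.lastname": "Byron",
                     "user.email": "ada@example.com", "paligo.usergroup": "PLACEHOLDER_GROUP"})
# Constructed failure: one attribute name mistyped, user group left blank on the user.
BAD = build_sample({"user.firstName": "Ada", "user.lastname": "Byron",
                    "user.email": "ada@example.com", "paligo.usergroup": ""})

if __name__ == "__main__":
    print(check_assertion(BAD, "acme.paligoapp.com"))
```

The check covers only the values configured on this page. It does not validate the assertion's signature or timestamps.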