Introduction

This page details the steps required to configure a single-sign-on (SSO) application on an Okta user directory using SAML. The application will allow users to authenticate with their existing Okta user accounts when logging in to EdgeTier, and when users are disabled on Okta, they will lose access to EdgeTier automatically.

Note that full user provisioning is not supported, users will need to be assigned the application in Okta, AND created separately in EdgeTier for successful authentication.

In the steps below, you will be creating an internal application on your Okta instance and passing the configuration details to EdgeTier for integration.

SAML Application Creation

1. Open the Okta Developer Console.
2. In the navigation menu, expand Applications, and then choose Applications.
3. Choose Create App Integration.
4. In the Create a new app integration menu, choose SAML 2.0 as the Sign-in method.
5. Choose Next.

SAML Configuration Settings

1. On the Create SAML Integration page, under General Settings, enter a name for your app - “EdgeTier” will work.

2. (Optional) Upload a logo and choose the visibility settings for your app. If you’d like to use the EdgeTier Logo, it is available here: https://cdn.edgetier.com/edgetier-logo/edgtier-icon.png

3. Choose Next.

4. Under GENERAL, for Single sign on URL, enter "**https://watchtower.auth.eu-west-1.amazoncognito.com/saml2/idpresponse**”

5. For Audience URI (SP Entity ID), enter ”urn:amazon:cognito:sp:eu-west-1_uYWAoliDm”

6. Under ATTRIBUTE STATEMENTS (OPTIONAL), add a statement with the following information:

   1. For Name, enter the SAML attribute name **http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress**.
   2. For Value, enter user.email.

   

7. For all other settings on the page, leave them as their default values or set them according to your preferences.

8. Choose Next.

9. Choose a feedback response for Okta Support: typically, use “I’m an Okta customer adding an internal app”.