Knowledge BaseMetric InsightsSystemAuthenticationHow to configure Okta for MI SAML SSL setup

How to configure Okta for MI SAML SSL setup

SAML implementation by Okta is one of the Identity Provider options to use in order to set up SAML Single Sign-On (SSO) in Metric Insights. SAML Identity Provider is used to generate a Metadata key required for MI SAML integration.

Configure Okta to generate a Metadata key

Okta admins can configure Metric Insights app profile in Okta console to generate a Metadata key.

1. Log in as Admin to your Okta console.

2. Create a new Application: go to Admin -> Applications -> Add Application

3. Click Create New App button, in the pop-up choose SAML authentification method and proceed.

4. Provide a meaningful app name and move to the Configure SAML step.

5. Set up the General parameters for the Okta SAML configuration profile:

5.1. From the MI app Metadata XML within the AssertionConsumerService section find the Location parameter.

5.2. Set its value for the Single Sign On URL parameter in Okta. Make sure that Use this for Recipient URL and Delivery URL checkbox is checked. 

5.3. For the Audience URI parameter in Okta set the Entity ID link from the Federation tab on MI simpleSAML installation page.

5.4. Default Relay State parameter is optional, but you can specify the link to your MI app here (https://<serverIP>or<>)

5.5. Specify the following Attribute Statements:

  • firstName
  • lastName
  • uid  (user.login)
  • email

5.6. Proceed to the next step within Okta SAML configuration process.

6. On the Feedback step set the following parameter values:

  • For the Are you a customer or partner choose I'm an Okta customer adding an internal app
  • For the App type pick This is an internal app that we have created

7. Finish the Okta SAML configuration process.

Get the IdP Metadata key in Okta app

Okta admins can get the link to the required .xml file on the SAML integration profile page in Okta

Check that the Metadata key file (the .xml file donloaded from Okta) has the firstName, lastName and Email attributes defined. If they are not specified, they are to be set directly in the final MI SAML configuration file saml.php.