Simple steps to set up SSO with Okta:


  1. Open the Configurations tab on your left and go to the SSO settings tab, move the switch to On;
  2. Open your account in Okta and create a new App Integration or choose an existing one.


How to configure the App Integration:

  1.  After clicking on the Create App Integration button, select the SAML-based sign-in method;    
  2. Fill in all necessary fields on Step 1 — General Settings and proceed to the next step:

  3. Configure SAML Settings:
    • Fill in fields in the General section. You need to match fields from your SSO configuration tab in Precoro with fields in Okta:
      • Single sign on URL —> Assertion Consumer Service (ACS)
      • Audience URI (SP Entity ID) —> Entity ID
      • Mark the Use this for Recipient URL and Destination URL checkbox as 'active' (it's just under the Single sign on URL field);

            
    • Select the EmailAddress parameter for the Name ID format field;
    • Select the Email parameter for the Application username field; 

  4. Click Show Advanced Settings and:
    • Set Assertion Encryption as Encrypted;
    • Download Precoro Certificate and upload it into the Encryption Certificate field;

    • Enable Single Logout by marking the Allow application to initiate Single Logout checkbox as 'active';
    • Match fields from your SSO configuration tab in Precoro with fields in Okta: 
      • Single Logout URL —> Single Logout Response Endpoint;
      • SP Issuer —> Entity ID;
    • Download Precoro Certificate and upload it into the Signature Certificate field;
  5. Set up the Attribute Statements section:
    • Type "email" in the Name field;
    • Select 'user.email' for the Value field;



  6. Proceed to the last step and click the Finish button.


Configure SSO in Precoro


  1. Fill in Step 3: Identity Provider Issuer:
    • Go to the Sign On tab on the just configured App Integration;
    • Scroll down, find, and click the View Setup Instructions button;
    • Copy the value of Identity Provider Issuer and paste it to Step 3: Identity Provider Issuer in Precoro;



  2. Upload Metadata to Precoro:
    • Find the Identity Provider metadata on the Sign On tab;
    • Open the link and save Metadata on your computer;
    • Upload this file to Step 4 in Precoro;

  3. Click the Update button. Now the SSO is configured.

  4. Please, do not forget to assign users to this Application.