Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Megaphone illustration

Before you start

This form is for Ideagen Luminate feedback only. Your submission will not receive a response.

Looking for support? Select the solution you need help with and open a ticket with us.
New article Recently updated

Setting up OKTA for SAML-based Single Sign-On (SSO)

By SueAnn See
  • Last updated
⌘ K
Search this article
Print this article

Who is this article for?

Administrators responsible for managing organization security settings in Mazlan Home.

Admin Console access is required.

You can set up Okta as your corporate identity provider (IdP) in Mazlan Home using SAML or OIDC. To use an external identity provider like Okta, you will need to ensure the Mazlan Home user's authentication type is set to External.

This article outlines how to configure a new SAML app in Okta and link it to Mazlan Home.

Creating a SAML app

To create a SAML app in Okta:

  1. Sign in to your Okta admin console.
  2. Navigate to Applications.
  3. Click Create App Integration.
  1. Select SAML 2.0 as the sign-in method.
  2. Click Next.
  1. In the General Settings step, enter an App name.
    The other settings are optional.
  2. Click Next.

Configuring the SAML app

Mazlan Home

To configure your SAML IdP in Mazlan Home:

  1. Sign in to Mazlan Home. 
  2. Navigate to the Admin Console.
  3. Go to the Security Center.
  4. Select Authentication.
  5. Select External IdP Configuration
  6. Click Add Identity Provider.
  7. Select SAML.
  8. Click Next. 
  9. Enter a Provider name.
    This name will appear as the sign-in button label at the sign-in page.
  10. Complete the remaining mandatory settings.
  11. Click Apply Configuration to save the IdP configuration in Mazlan Home.

Okta

To configure your SAML IdP in Okta:

  1. Go to your Okta application.
  2. Configure the SAML step.
  3. Enter the values for the general fields as follows:

Field

Value

Single Sign On URL

Reply URL obtained from Mazlan Home SAML configuration.

Refer to the Identifier and Reply URL section for more information.

Audience URI (SP Entity ID)

Identifier obtained from Mazlan Home SAML configuration.

Refer to the Identifier and Reply URL section for more information.
Default Relay State

Relay State obtained from Mazlan Home SAML configuration. This is required only if you choose to accept IdP-initiated assertion. Otherwise, skip this.

Refer to relay state for IdP-initiated workflow section for more information.

Name ID format

Defaults to "Unspecified”. Use "Persistent” when SAML Signed Requests are enabled.

Refer to the signing and encryption section for more information.
  1. Click Advanced Settings.
  2. Enter the values for the fields as follows:

Field

Value
Assertion Encryption

Optional. You can set this to Encrypted so only the sender and receiver can read the SAML assertion. This does not apply if you accept IdP-initiated assertions in the Mazlan Home SAML configuration.

Refer to the signing and encryption section for more information.
Encryption Certificate

If you set Assertion Encryption to "Encrypted", upload the encryption certificate from Mazlan Home. See section SAML signing and encryption. This does not apply if you accept IdP-initiated assertions in Mazlan Home SAML settings.

Refer to the signing and encryption section for more information.
Signature Certificate

Upload the signing certificate that is downloaded from Mazlan Home.

Refer to the signing and encryption section for more information.
  1. Click Next.
  2. At the Feedback step, select Contact app vendor.
  3. Click Finish.
    You will be presented with the Metadata details.
  1. Copy the Metadata URL.
    You will need to paste this in the Mazlan Home SAML Configuration.
  1. Scroll down to the Attribute Statements section.
  2. Click Show legacy configuration.
  1. Click Edit on the Profile attribute statements.
  1. Add the Name and Value mappings for the attributes.

Example

Name

Name format

Value

email

Unspecified

user.email

preferred_username

Unspecified

user.login

The actual values would differ depending on your organization's preference. 

Getting the Identifier and Reply URL

To get the URLs from Mazlan Home:

  1. Go to the SAML Configuration screen.
    You will see the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL).
  2. Copy these values as you will need this to configure your Okta app.

Configuring Relay State for IdP-initiated workflow

In Mazlan Home, as part of the SAML configuration, you will have to decide whether to allow IdP-Initiated SAML sign-in.

To configure this:

  1. Go the SAML Configuration.
  2. Select Accept SP-initiated and IdP-initiated SAML assertions only to enable the IdP-initiated workflow, allowing launch of Mazlan Home from your IdP dashboard (if supported).
    Once you allow IdP-initiated SAML assertions, the SAML signing and encryption options will not be supported and will be hidden.
Require SP-initiated SAML assertions Accept SP-initiated and IdP-initiated SAML assertions
  1. Click Apply Configuration to save the changes.
    You will see the Relay State at the top section of the SAML Configuration.
  2. Copy this value as you will need this to configure your Okta app.

Enabling signing and encryption

In Mazlan Home, if you are not accepting IdP-initiated assertions, you have the options to enable signed SAML requests and encrypted SAML responses.

To enable this:

  1. Go to the SAML Configuration.
  2. Select Require SP-initiated SAML assertions for IdP-Initiated SAML sign-in.
  1. Scroll further down.
    You will see the options to Sign SAML requests and Require encrypted SAML assertions.
  1. Select your desired options.
  2. Click Apply Configuration to save the changes.

  3. Download the required certificates to be uploaded to your identity provider from the top section of the SAML configuration.

Providing metadata 

In Mazlan Home, as part of the SAML configuration, you will have to provide the metadata document source from your identity provider.

To provide this:

  1. Go to the SAML configuration.
  2. Scroll to the Metadata document source section.
  1. Select Enter metadata document endpoint URL.
    You can upload a metadata document instead, but the endpoint URL option is easier when configuring Okta.
  2. Paste the metadata URL copied from Okta.
  1. Click Apply Configuration to save the changes.

Assigning users to the SAML app

You will need to assign users to the SAML app in Okta for anyone to start authenticating with your identity provider. 

Okta

To assign users in Okta:

  1. Go to the SAML application.

  2. Swittch to the Assignments tab.

  3. Click Assign.
    You can either Assign access to People or Groups depending on your organization's needs.

  4. Search for the username or group you want to assign.

  5. Click Save and Go Back after assigning every required user or group.

  6. Click Done to apply changes.

Further reading

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page