
Single Sign-On with Okta

In this tutorial, we will learn how to integrate Applivery with your Okta Users Directory through SAML. Please follow the next steps carefully:

Step 1 - Get the Service Provider information from Applivery

Please Note

The usage of custom domains will modify certain configurations of this step (callback domain name for instance) so if you plan to use this feature, make sure you have already configured custom domains before starting with this step.

Go to your Workspace > Settings and go to the Login providers section. Now click the Configure button beside the SAML row depending on whether you want to configure it for the Dashboard, App Store or MDM Portal.

You will now see your SAML configuration, including a pre-configured SAML metadata XML file that you can import into your Identity Provider. Since Okta does not allow uploading the Applivery pre-configured metadata XML, you can use the fields below to map the required parameters:
  • Single Sign On URL:
    • Dashboard: https://dashboard.applivery.com/welcome/sso/{organization_slug}
    • App Store: {organization_slug}.applivery.io or you.yourcompany.com
  • Audience URI (SP Entity ID): https://dashboard.applivery.com/sso/{organization_slug}/metadata.xml

Step 2 - Configure your Okta Identity Provider

Now that you have your Service Provider information, it’s time to configure it in your IdP. For this example we will use the Okta platform, which allows you to configure any Service Provider supporting SAML 2.0.

Step 2.1 - Log in to the Okta Admin Portal and create an App

Log in to your Okta Portal and go to Applications. Then click the green + Add Application button at the top of the page, choose Create new app, and choose SAML 2.0.

Step 2.2 - Configure SAML

Give a name to your new App and optionally upload the Applivery logo to easily identify it. Then click Next.


In the next screen fill out the Single sign-on URL and Audience URI with the values mentioned above. Additionally, select Name ID format = EmailAddress and Application username = Email. Leave the rest of the fields with the default values.

Note
In Okta, you must place the Callback URL in the Single sign-on URL field, i.e.: https://dashboard.applivery.io/welcome/sso/demo

Then scroll down to the GROUP ATTRIBUTE STATEMENTS section and use the following configuration to enable sending Okta groups to Applivery:

  • Name: http://schemas.microsoft.com/ws/2008/06/identity/claims/groups
  • Name format: URI Reference
  • Filter: Use your preferred configuration based on your needs. For instance, you can choose Starts with and type a prefix so that all groups matching that prefix in your Okta Directory will be sent to Applivery, choose Matches regex and type .* to always send all groups, or define any other regular expression.

Once configured, click Next.

Step 2.3 - Download Federation Metadata XML file from Okta

In the next screen select I’m an Okta customer adding an internal App and click Finish.

You will be redirected to the Sign On screen where you will be able to download the Federation Metadata XML under the link Identity Provider Metadata. Click the link and save the XML file.


Go back to the Applivery Dashboard > SAML Provider screen (same as in Step 1 of this tutorial) and upload the Federation Metadata XML file under Step 2. Then click Save changes.

Once saved, use the switch button to enable your new SAML integration in your organization.


Step 3 - Test it out

And that’s it! Now that you have both ends (Okta & Applivery) connected, you can add some authorized users to Okta (going to Directory > People), making sure you assign this new Okta App to each of them. Then navigate to your App Store URL or Dashboard Login Screen (https://dashboard.applivery.io/welcome/sso) and try to log in with an authorized user.
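To confirm that a test login carries what Step 2.2 configured, you can inspect the decoded assertion from that login. The following is an added example, not code from Applivery or Okta: it checks the NameID format, the Single sign-on URL, the Audience URI and the group attribute statement, and flags groups that a broad filter such as .* releases beyond the expected prefix. The slug demo, the group names and the group_prefix parameter are assumptions, and the script does not verify the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS_ATTR = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample (unsigned, trimmed) for the placeholder slug "demo".
SAMPLE = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
<saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData
    Recipient="https://dashboard.applivery.com/welcome/sso/demo"/></saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://dashboard.applivery.com/sso/demo/metadata.xml</saml:Audience>
</saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="{GROUPS_ATTR}" NameFormat="{URI_FORMAT}">
  <saml:AttributeValue>applivery-admins</saml:AttributeValue>
  <saml:AttributeValue>hr-payroll</saml:AttributeValue>
</saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def check_assertion(xml_text, sso_url, audience_uri, group_prefix):
    """Return (problems, groups) for one decoded assertion from your own test login."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    recipients = {e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {sso_url}:
        problems.append("Recipient does not match the Single sign-on URL")
    audiences = {e.text.strip() for e in root.iterfind(".//saml:Audience", NS) if e.text}
    if audience_uri not in audiences:
        problems.append("Audience URI (SP Entity ID) is missing")
    attr = next((a for a in root.iterfind(".//saml:Attribute", NS)
                 if a.get("Name") == GROUPS_ATTR), None)
    if attr is None:
        return problems + ["Group attribute statement is missing"], []
    if attr.get("NameFormat") != URI_FORMAT:
        problems.append("Group attribute Name format is not URI Reference")
    groups = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
    extra = [g for g in groups if not g.startswith(group_prefix)]
    if extra:  # the Okta filter sends more groups than Applivery needs
        problems.append(f"Filter releases groups outside the expected prefix: {extra}")
    return problems, groups
```

An empty problems list means the assertion matches the Step 2.2 settings; pass an empty group_prefix if you intentionally send all groups.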
