Important: This setup might fail without the parameter values customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values specific to your organization.
This article contains the following sections:
Supported Features
The Okta/QA SAML integration currently supports the following features:
- SP-initiated SSO
If you would like more information on the listed features, you can visit the Okta Glossary.
Configuration Steps
In the QA Platform
To configure the integration, follow the steps below.
Note: You must be logged in as an administrator to access the dashboard where you complete these steps.
- From the dashboard, click on the building icon in the top toolbar. The Management dashboard will appear. Open the Organization page.
- Click the Settings icon in the left navigation menu. The Settings & Integrations window will appear. Open the Company Details tab.
- Click on the Integrations tab
- On the SSO card, click View Integration to open the SSO configuration in a new window
- Click Start Configuring.
In the General Settings section, enter the following:
- SSO URL (Location): Sign into the Okta Admin Dashboard to generate this variable.
- Certificate: Sign into the Okta Admin Dashboard to generate this variable.
- Email domains: Enter your email domain(s).
In the SAML attributes mapping section, enter the following attributes:
- Permanent User ID:
permanent_id
- First name:
first_name
- Last name:
last_name
- E-mail:
In the Security Settings section:
- Select the 'Authentication Requests Signed?' check box.
- Choose whether to select the Set SSO enforcement check box. If you select this check box, your team members must use their SSO credentials to log in. Visit How to Migrate Users to SSO for more information about the effects of this check box.
- Click Save and Test. The setup of your Service Provider information appears.
- Make a note your of Organization ID from the Post-back URL value. It’s the last part of the URL.
For example, if the value in the Post-back URL field is https://platform.qa..auth0.com/login/callback?connection=sso-12345678
Then your Organization ID is 12345678.
In Okta
Log in to your Okta Admin Dashboard to complete the following steps.
Tip: You will need to return to QA, so consider opening Okta in a separate tab.
- In Okta, select the Sign On tab for the QA SAML app, then click Edit.
- Scroll down to Advanced Sign-on Settings.
- Enter your Organization ID (see the end of the previous procedure) into the corresponding field.
- Click Save.
- Assign a user who exists in QA on the Assignments tab in Okta.
-
From 3 September 2024, ensure you select the check box to enable authentication requests against the platform.qa.com domain.
- Click Save
- Go back to the QA Platform Settings and click Continue.
In the QA Platform
Return to the QA tab for the following steps:
- In the Set up your Service Provider information window, click Continue.
A test screen appears. - Click Test SSO Connection. If the configuration has problems, an error screen appears with information to help you identify the issue. Update your confirmation and try the test again.
- Once the test is successful, click Save.
From General Settings, make a note of your Subdomain URL value. Your users use this URL to log in to your account.
Notes
Since only the SP-initiated flow is supported, we recommend hiding the application icon for users and adding a Bookmark app. Follow the instructions here. Use the following Bookmark application configuration values:
- Application label: QA
- URL: Enter the Subdomain URL value from the previous procedure.
The following SAML attributes are supported:
Name | Value |
first_name | user.firstName |
last_name | user.lastName |
permanent_id | user.id |
user.email |
SP-initiated SSO
OPTION 1
Open the Subdomain URL (https://[subdomain].platform.qa.com/login) value from the previous. procedure.
OPTION 2
- Go to: https://platform.qa.com/login
- Enter your Email, then click Login.
- Click Login with SSO.
For more information, visit login with the Company SSO section of Logging into QA article
Comments
0 comments
Please sign in to leave a comment.