Okta

  1. Log in to Okta.
  2. Under Admin > Security, click on Authentication.
  3. Click on Inbound SAML then Add Endpoint. The Add/Edit Endpoint pop-up form is displayed.
  4. Configure the following settings then click on Save Endpoint to commit your changes:
    • Alias – name for referencing this Endpoint within your organization
    • IDP Certificate – the M-Pin SSO X.509 certificate (found under Global Settings > SSO information in the M-Pin SSO web portal)
    • IDP Issuer – the M-Pin SSO Server Entity ID (found under Global Settings > SSO information in the M-Pin SSO web console)
    • IDP Login URL – the M-Pin SSO SAML SSO Endpoint (found under Global Settings > SSO information in the M-Pin SSO web console)
    • IDP Binding – HTTP-Redirect
    • Transform Username – username
    • Name ID Format – Email Address
    • SP-initiated SAML – enabled
  5. Download the SAML metadata file of the newly configured Endpoint. (You will need this file to configure the SP profile in M-Pin SSO.) To do this, select the Download SAML Metadata link.

In the M-Pin SSO web portal:

  1. Under Integration, click on the + button next to Okta profiles.
    The Add Okta profile page is displayed.
  2. Complete the required fields and save the profile. Settings:
    • Name: (required) – name of the profile, e.g. Sample Okta Profile
    • LDAP Profile: – if you have LDAP profiles configured, they will be available in this drop-down
    • Recipient URL: – IAM client application endpoint to which the M-Pin SSO SAML response is returned
    • Metadata: (required) – the SAML metadata file of the M-Pin SSO Endpoint configured in your Okta account.

      After saving, the profile is displayed on the Okta profiles page. From this point on, when your users visit the Okta service and enter an email address belonging to the profile just set up, Okta will detect that single sign-on is enabled and a password will no longer be necessary.
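
Before uploading the downloaded metadata file into the Metadata field, it is worth checking that it says what the Okta endpoint was configured to say. The script below is an added example, not part of M-Pin SSO or Okta; the sample metadata, its URLs and the function name `check_sp_metadata` are constructed for illustration, and it assumes the Recipient URL corresponds to an AssertionConsumerService location in the metadata.

```python
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample SP metadata; entity ID and URL are placeholders.
SAMPLE = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.com/saml/entity">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_text, expected_recipient=None):
    """Return (summary, problems) for a SAML SP metadata document."""
    # Metadata never needs a DTD; entity declarations enable XXE and
    # entity-expansion attacks, so refuse them before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("metadata contains a DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    sp = root.find(MD + "SPSSODescriptor")
    if root.tag != MD + "EntityDescriptor" or sp is None:
        raise ValueError("not a single-entity SP metadata document")
    acs = [e.get("Location", "") for e in sp.findall(MD + "AssertionConsumerService")]
    formats = [(e.text or "").strip() for e in sp.findall(MD + "NameIDFormat")]
    summary = {"entity_id": root.get("entityID"), "acs": acs, "name_id_formats": formats}
    problems = []
    if not summary["entity_id"]:
        problems.append("missing entityID")
    if not acs:
        problems.append("no AssertionConsumerService endpoint")
    for url in acs:
        if not url.lower().startswith("https://"):
            problems.append(f"ACS endpoint is not HTTPS: {url!r}")
    # The Okta endpoint above uses Name ID Format = Email Address.
    if formats and EMAIL_FORMAT not in formats:
        problems.append("emailAddress NameID format not advertised")
    if expected_recipient and expected_recipient not in acs:
        problems.append(f"Recipient URL {expected_recipient!r} is not a listed ACS endpoint")
    return summary, problems


if __name__ == "__main__":
    info, issues = check_sp_metadata(SAMPLE, "https://sp.example.com/saml/acs")
    print(info)
    print("OK" if not issues else "\n".join(issues))
```

An empty problem list means the file is a single-entity SP descriptor with HTTPS-only response endpoints, the email NameID format, and an ACS location matching the Recipient URL you intend to enter.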