SSO with Okta

Introduction

Our PSA supports integration with Okta's SSO product. Okta is a cloud-based SSO provider that supports the SAML 2.0 standard. This guide helps you integrate PSA with Okta. After a successful setup, when a user logs in to Okta and navigates to their applications dashboard, they can click the PSA app, which launches their tenant site with the user already logged in.


Pre-requisites

  • Admin account in PSA and Okta
  • Setup in Okta

Sections

Setup of SSO with Okta and PSA involves the following steps.

Add PSA application in Okta.

  • Log in to your Okta portal using your admin account
  • Navigate to the Admin dashboard


  • Click on Add Applications
  • Choose Create New App


  • Set the following in the Create a New Application Integration
    • Platform: Web
    • Sign on method: SAML 2.0 
    • Click on Create
  • General App Settings
    • App name: Kaseya BMS
    • App logo: Provide a logo for the application
    • App visibility: Keep the defaults, Click Next
  • Configuring SAML
    • SSO URL: This is the PSA URL. The format is <server name>/SAML/Connect.aspx
      • In PSA, navigate to Admin > My Company > Auth and Provision.
      • Under the single sign on URL, copy the URL in the field
      • Set it in Okta
    • Check the checkbox saying: “Use this for Recipient URL and Destination URL”
    • Audience URI (SP Entity ID): KaseyaBMS
    • Application username: Email
    • Select the link “Show Advanced Settings” to expand the advanced settings section.


In Advanced Settings, change only the settings listed below and keep the others at their defaults.

  • Assertion Signature: Unsigned
  • Authentication context class: Unspecified

Adding Attributes

  • Attribute 1
    • Name: email
    • Format: Basic
    • Value: user.email
  • Attribute 2
    • Name: CompanyName
    • Format: Basic
    • Value: {tenant name}. Add your tenant name here.
      • Navigate to My Profile: click on your name on the right of the top navigation bar. Your gateway URL and Company Name are listed there. This is your tenant name.
  • Attribute 3
    • Name: firstname
    • Format: Basic
    • Value: user.firstname
  • Attribute 4
    • Name: lastname
    • Format: Basic
    • Value: user.lastname
  • Attribute 5
    • Name: username
    • Format: Basic
    • Value: user.login
  • Attribute 6: Group Attribute
    • Name: securitygroup
    • Format: Basic
    • Matches regex: .*
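
To confirm that the Okta app is configured as described above, a decoded SAML response from a test login can be compared with these settings. The following Python check is an added example, not Kaseya or Okta code; `check_response`, `sample`, the host `psa.example.com` and the tenant "Acme" are assumptions, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET  # debugging aid; use a hardened parser on untrusted XML
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ["email", "CompanyName", "firstname", "lastname", "username", "securitygroup"]

def check_response(xml_text, sso_url, tenant):
    """List where a decoded SAML response differs from the settings in this guide."""
    root = ET.fromstring(xml_text)
    asr = root.find("a:Assertion", NS)
    if asr is None:
        return ["no Assertion element found"]
    problems = []
    # "Use this for Recipient URL and Destination URL": both must equal the SSO URL.
    if root.get("Destination") != sso_url:
        problems.append("Destination does not match the SSO URL")
    scd = asr.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != sso_url:
        problems.append("Recipient does not match the SSO URL")
    aud = [e.text for e in asr.findall("a:Conditions/a:AudienceRestriction/a:Audience", NS)]
    if aud != ["KaseyaBMS"]:
        problems.append(f"Audience is {aud}, expected ['KaseyaBMS']")
    # Attribute names are case-sensitive: 'companyname' does not satisfy 'CompanyName'.
    attrs = {e.get("Name"): [v.text for v in e.findall("a:AttributeValue", NS)]
             for e in asr.findall("a:AttributeStatement/a:Attribute", NS)}
    for name in REQUIRED:
        if not any(attrs.get(name, [])):
            problems.append(f"attribute '{name}' missing or empty")
    if attrs.get("CompanyName") not in (None, [tenant]):
        problems.append("CompanyName is not the tenant name")
    # Presence check only, not verification; the guide leaves the assertion itself unsigned.
    if root.find("ds:Signature", NS) is None and asr.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion carries a Signature")
    return problems

# Constructed sample, not captured traffic; the URL and tenant "Acme" are placeholders.
URL = "https://psa.example.com/SAML/Connect.aspx"
GOOD = {"email": "a@example.com", "CompanyName": "Acme", "firstname": "A",
        "lastname": "B", "username": "a@example.com", "securitygroup": "Everyone"}

def sample(attrs, audience="KaseyaBMS", signed=True):
    vals = "".join(f'<a:Attribute Name="{k}"><a:AttributeValue>{v}</a:AttributeValue>'
                   f'</a:Attribute>' for k, v in attrs.items())
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" '
            f'Destination="{URL}">{"<ds:Signature/>" if signed else ""}<a:Assertion>'
            f'<a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{URL}"/>'
            f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
            f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
            f'<a:AttributeStatement>{vals}</a:AttributeStatement></a:Assertion></p:Response>')

print(check_response(sample(GOOD, audience="kaseyabms"), URL, "Acme"))
```

An empty list means the response matches the settings in this guide; the check looks only for the presence of a signature element and does not validate it against the Okta certificate.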


Feedback

The final step of the configuration is Feedback.

  • Choose Internal App for customer or partner?
  • Select the check box for internal app
  • Click Finish


Download the certificate

After finishing the setup, you will be shown the Sign On methods screen. Click on View Setup Instructions. You will be redirected to the certificate page.

  • Copy and save the Identity Provider Single Sign-On URL from this page
  • Download the certificate


Application Assignment in Okta

In order to launch PSA using Okta, you must first assign your users in Okta to the newly created application. Under the application settings page, navigate to the Assignments tab, click the Assign button and add Okta users or groups to the application.

Important: Each assigned user's email address in Okta should be the same as their username in PSA.


Setup SSO in PSA

  1. In PSA, navigate to Admin > My Company > Auth and Provision.
  2. On the Single Sign On tab, click Upload Certificate.
  3. Select the Okta certificate you previously downloaded.
  4. Set Enable Single Sign On via SAML to Yes.
  5. Paste the Okta login URL you copied above into the SAML Login Endpoint URL field. This enables user authentication with Okta from the PSA login page.
  6. Click Save.


Enable SSO for Employees

  1. Navigate to HR > Employees.
  2. Select an employee.
  3. Under External Authentication Type, select SAML SSO.


 

 
