...
Once your Admin account is ready,
Navigate to “Applications” from the sidebar menu
Select the “Create App Integration” button
On the select the “SAML 2.0” option
Choose a name for your app and select the “Next” button
Open the External Share global settings and navigate to the “SSO Configuration” tab on a separate page
Copy the data from External Share SSO configuration and paste it into the Okta Configure SAML step
Required value “Single sign on URL“ can be found on External Share SSO configuration as “Assertion Consumer URL“
Required value “Audience URI (SP Entity ID)“ can be found on External Share SSO configuration as “Issuer ID“
Required value “Default RelayState“ can be found on External Share SSO configuration as “Default RelayState“
Click on the “Application username” dropdown menu and select the “Email” option
Scroll down to the “Attribute statements” section
Create 3 attributes
Name: givenname - Value: user.firstName
Name: surname - Value: user.lastName
Name: emailaddress- Value: user.email
Scroll down and select the “Next button”
Provide your feedback and select “Finish”
SAML setup
Select the application you created and click on the “Sign on” tab, scroll down and you will see a section called “SAML Signing Certificates”, at the right side of this section there is a button called “View SAML setup instructions”.
Click on the “View SAML setup instructions” button
Copy the value from the first step “Identity Provider Single Sign-On URL” and paste it into the “Login URL” field on the External Share SSO configuration tab.
Copy the value from the second step “Identity Provider Issuer” and paste it into the “Identifier” field on the External Share SSO configuration tab.
Copy the value from the third step “X.509 Certificate” and paste it into the “Certificate” field on the External Share SSO configuration tab.
Save
Info |
---|
There are no users assigned at this stage. |
Assign users
On Okta, navigate to the “Directory” tab
Select the “People” sub-tab
Add a user and assign them to the application
Note |
---|
Configuring SSO does NOT automatically limit users share access to SSO, you must first Require Corporate SSO loginwhen accessing shares. If you wish to ensure the identity of external users is checked with your identity provider when accessing shares, you must require this option in the security tab in External Share. |