Our December Office Hours are on Holiday break - See you in January 2025! - REGISTER TO STAY UPDATED.



Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            SupportLogic and Okta with SAML Integration v2.1

            Modified on Fri, 16 Jun, 2023 at 12:45 PM

            Purpose

            Use Okta as an Identity Provider (idP) for authentication to SupportLogic.

            Summary

            • Overview
            • Configure SAML application
            • Provide prerequisite information to SupportLogic
            • Configure SAML application
            • Configure Custom Attributes


            Okta Integration using SAML 2.0

            Okta Integration Steps

            Overview

            SupportLogic can use Okta as an Identity Provider (idP) for user authentication.  This ensures that SupportLogic adheres to the same authentication methods already in place at your own organization. 


            Below are instructions on how to configure an Okta Identity Provider with the SupportLogic UI.  This requires action items from both your Okta Admin and SupportLogic DevOps. 


            Once Single Sign On (SSO) is enabled in SupportLogic, Okta can be used to grant access to SupportLogic.


            SupportLogic only supports Okta tiles when using SAML integration. If you wish to use Okta tiles should inform their Solution Architect to have this functionality enabled


            See the following article for details:



            Configure SAML application

            SupportLogic will provide an entity id and an ACS URL after the completion of internal configuration. Provide this information to your Okta administrator and request that they create a SAML application in your identity provider


            Assertion Consumer Service (ACS): the service provider's endpoint (URL) that is responsible for receiving and parsing a SAML assertion.  Keep in mind that some service providers use a different term for the ACS.  In the Okta SAML template, this is entered in the Single Sign On URL field.


            Provide prerequisite information to SupportLogic  

            Please supply the following information to SupportLogic from your Okta administrator;

            1. IdP Issuer URI:  (ex: http://www.okta.com/------------)

              1. The issuer URI of the Identity Provider. This value is usually the SAML Metadata entityID of the Identity Provider EntityDescriptor.

            2. idP single sign on URL (ex: https://companydomain.com/—/—/sso/)

              1. The binding specific Identity Provider Authentication Request Protocol endpoint that receives SAML AuthN Request messages from Okta.

            3. idP signature certificate in PEM format

              1. The PEM or DER encoded public key certificate of the Identity Provider used to verify SAML messages and assertion signatures.


            SupportLogic’s Devops team will complete configuration changes in your environment and provide additional information for follow up.


            Configure SAML application

            SupportLogic will provide an entity id and an ACS URL after the completion of internal configuration. Provide this information to your Okta administrator and request that they create a SAML application in your identity provider


            Configure Custom Attributes

            Your Okta administrator will need to configure custom attributes for the Okta SAML Application created for SupportLogic. These attributes will be passed by Okta to SupportLogic to provide the full name, email, and picture (if available), for each user, within SupportLogic.


            Complete the following steps:


            1. Log into Okta as an Administrator


            1. Locate the existing SupportLogic Application that you created.


            1. Click on “gear” to edit the settings.


            1. Under “General” tab, go to SAML Settings


            1. To the right of “SAML Settings”, click on “Edit”


            1. From the “Edit SAML Integration” screen, click next to go to “Configure SAML”


            1. Towards the bottom, we will configure the “Attribute Statements (Optional)” section.


            1. Please configure the following

              1. Select the Value from the drop down for email, picture, firstname, lastname


            Name

            Name format (optional)

            Value

            name

            Unspecified

            String.join(" ", user.firstName, user.lastName)

            email

            Unspecified

            user.email

            picture

            Unspecified

            user.profileUrl

            firstname

            Unspecified

            user.firstName

            lastname

            Unspecified

            user.lastName


            1. Save Changes.


            1. Test SSO login for SupportLogic



            Post Setup Configurations


            Authorizing users for access to SupportLogic

            Users requiring access to SupportLogic will need to be authorized for SSO in Okta by an Okta administrator. Until this is done, the user will not be able to sign into SupportLogic successfully


            Provision access to product features in SupportLogic

            When a user is granted access to the SupportLogic App, they will be granted Swarming user level access, and a SupportLogic Admin (with Dashboard user access) will need to enable other user functions and assign the user to the right profile.. 


            See “SupportLogic License Types and Different Login Options” to learn more about how to configure different access levels.















            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0