SupportLogic and Okta with SAML Integration v2.1

Modified on Fri, 16 Jun, 2023 at 12:45 PM

Purpose

Use Okta as an Identity Provider (idP) for authentication to SupportLogic.

Summary

  • Overview
  • Configure SAML application
  • Provide prerequisite information to SupportLogic
  • Configure SAML application
  • Configure Custom Attributes


Okta Integration using SAML 2.0

Okta Integration Steps

Overview

SupportLogic can use Okta as an Identity Provider (idP) for user authentication.  This ensures that SupportLogic adheres to the same authentication methods already in place at your own organization. 


Below are instructions on how to configure an Okta Identity Provider with the SupportLogic UI.  This requires action items from both your Okta Admin and SupportLogic DevOps. 


Once Single Sign On (SSO) is enabled in SupportLogic, Okta can be used to grant access to SupportLogic.


SupportLogic only supports Okta tiles when using SAML integration. If you wish to use Okta tiles should inform their Solution Architect to have this functionality enabled


See the following article for details:



Configure SAML application

SupportLogic will provide an entity id and an ACS URL after the completion of internal configuration. Provide this information to your Okta administrator and request that they create a SAML application in your identity provider


Assertion Consumer Service (ACS): the service provider's endpoint (URL) that is responsible for receiving and parsing a SAML assertion.  Keep in mind that some service providers use a different term for the ACS.  In the Okta SAML template, this is entered in the Single Sign On URL field.


Provide prerequisite information to SupportLogic  

Please supply the following information to SupportLogic from your Okta administrator;

  1. IdP Issuer URI:  (ex: http://www.okta.com/------------)

    1. The issuer URI of the Identity Provider. This value is usually the SAML Metadata entityID of the Identity Provider EntityDescriptor.

  2. idP single sign on URL (ex: https://companydomain.com/—/—/sso/)

    1. The binding specific Identity Provider Authentication Request Protocol endpoint that receives SAML AuthN Request messages from Okta.

  3. idP signature certificate in PEM format

    1. The PEM or DER encoded public key certificate of the Identity Provider used to verify SAML messages and assertion signatures.


SupportLogic’s Devops team will complete configuration changes in your environment and provide additional information for follow up.


Configure SAML application

SupportLogic will provide an entity id and an ACS URL after the completion of internal configuration. Provide this information to your Okta administrator and request that they create a SAML application in your identity provider


Configure Custom Attributes

Your Okta administrator will need to configure custom attributes for the Okta SAML Application created for SupportLogic. These attributes will be passed by Okta to SupportLogic to provide the full name, email, and picture (if available), for each user, within SupportLogic.


Complete the following steps:


  1. Log into Okta as an Administrator


  1. Locate the existing SupportLogic Application that you created.


  1. Click on “gear” to edit the settings.


  1. Under “General” tab, go to SAML Settings


  1. To the right of “SAML Settings”, click on “Edit”


  1. From the “Edit SAML Integration” screen, click next to go to “Configure SAML”


  1. Towards the bottom, we will configure the “Attribute Statements (Optional)” section.


  1. Please configure the following

    1. Select the Value from the drop down for email, picture, firstname, lastname


Name

Name format (optional)

Value

name

Unspecified

String.join(" ", user.firstName, user.lastName)

email

Unspecified

user.email

picture

Unspecified

user.profileUrl

firstname

Unspecified

user.firstName

lastname

Unspecified

user.lastName


  1. Save Changes.


  1. Test SSO login for SupportLogic




Post Setup Configurations


Authorizing users for access to SupportLogic

Users requiring access to SupportLogic will need to be authorized for SSO in Okta by an Okta administrator. Until this is done, the user will not be able to sign into SupportLogic successfully


Provision access to product features in SupportLogic

When a user is granted access to the SupportLogic App, they will be granted Swarming user level access, and a SupportLogic Admin (with Dashboard user access) will need to enable other user functions and assign the user to the right profile.. 


See “SupportLogic License Types and Different Login Options” to learn more about how to configure different access levels.















Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article