This article provides a comprehensive guide for configuring EmpowerID (EID) to use Okta as an Identity Provider (IdP) through Security Assertion Markup Language (SAML). The configuration enables Single Sign-On (SSO), allowing users to access EmpowerID services by authenticating via Okta. In this integration, EmpowerID acts as the Service Provider (SP) and Okta functions as the Identity Provider (IdP). The instructions and URLs reflect SP-initiated SSO, meaning that users begin the login process at EID and are redirected to Okta for authentication. To enable this, you establish a SAML connection within your EID system and configure the matching SAML settings in Okta. Follow the instructions below to set up Okta as an IdP.

Prerequisites

  1. Administrative access to the Okta Admin Dashboard.

  2. Administrative access to EmpowerID.

Steps Overview

  1. Configure SAML in Okta

  2. Gather and Verify SAML Attributes

  3. Add Cross-Origin Resource Sharing (CORS) in EmpowerID

  4. Upload Certificate to EmpowerID

  5. Create a SAML Connection in EmpowerID

Step 1 – Configure SAML in Okta

  1. Log in to the Okta Admin Dashboard.

  2. In the sidebar, click Applications and select Applications from the drop-down menu.

  3. Click the Create App Integration button to add a new application.

  4. Select SAML 2.0 as the Sign-in method for the application and click Next.

  5. Under General Settings, enter an App Name as a minimum and click Next.

  6. Under SAML Settings, input the following information for your integration:

    (Settings table included from the excerpt OktaConfig of the page IL:Set Up Okta as IdP.)

  7. Scroll down to the bottom of the page and click Preview SAML to verify the settings are accurate. Then click Next to proceed to the Feedback tab.

  8. Fill out the Feedback form if desired and click Finish to save the integration application.

You have completed adding an EID integration as an application in Okta. Next, gather the necessary certificate and information from Okta.

Step 2 – Gather and Verify SAML Attributes

Before setting up Okta in EmpowerID, you need the SAML setup information and the signing certificate from Okta for later use in EID. Follow the instructions below to obtain them.

  1. Log in to the Okta Admin Dashboard.

  2. In the sidebar, click Applications and then select Applications from the drop-down menu.

  3. Click the link with your application name to open the details of the application you created in Step 1.

  4. On the detail page, click the SAML tab and then click View SAML Setup Instructions.

  5. From the page that opens, obtain the following information, which you will configure later on the EID side for your integration:

    • Identity Provider Single Sign-On URL

    • Identity Provider Issuer URL

  6. Click Download Certificate. The downloaded certificate is used as the Signing Certificate, which you upload to EmpowerID in Step 4.

You now have all the information from Okta needed to configure SAML in EID. The remaining steps are performed in EID: add a CORS entry, upload the certificate, and create the SAML connection.

Step 3 – Add CORS in EmpowerID

  1. Configure CORS Settings

    • Configure EmpowerID's Cross-Origin Resource Sharing (CORS) settings to allow Okta's URL to interact with EmpowerID. The URL to add is your Okta URL (also called the Okta domain). Follow the instructions in the docs to add a CORS URL.

  2. Recycle the Environment.

    • Note: CORS entries in EmpowerID are cached for performance; therefore, recycle the EmpowerID environment for the changes to take effect.

Step 4 – Upload Certificate to EmpowerID

To configure the authentication request, you must upload the signing certificate that you previously downloaded from Okta in Step 2. Follow the instructions below to upload the certificate in EID.

  1. Navigate to SSO Components.

    • From the navigation bar, expand Apps and Authentication, click SSO Connections, and then click SSO Components.

  2. Upload Certificate.

    1. Click the Certificates tab and then the (plus) icon to upload a new certificate.

    2. Select Upload Certificate, choose the Certificate Owner, and then upload the certificate file you downloaded from Okta.

  3. Click Save to upload the certificate.
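Before uploading, it is worth confirming that the file downloaded in Step 2 really is a signing certificate that the IdP publishes, and that the Single Sign-On and Logout URLs you copied are the HTTP-POST endpoints that the HTTPPost protocol selected in Step 5 expects. The following script is an added example, not part of the original page or of EmpowerID; it assumes you also have the IdP metadata XML (standard SAML 2.0 metadata format) and uses constructed sample data with a placeholder issuer, placeholder URLs and a placeholder certificate.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
# Constructed sample data: a placeholder certificate (only its bytes get hashed) and
# placeholder issuer/URLs, not values from any real Okta tenant.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed placeholder certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="urn:example:okta-idp-placeholder">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{HTTP_POST}" Location="https://idp.example.com/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.com/sso/redirect"/>
    <md:SingleSignOnService Binding="{HTTP_POST}" Location="https://idp.example.com/sso/post"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def cert_fingerprint(cert_text: str) -> str:
    """SHA-256 of the DER bytes; accepts raw base64 or PEM-armoured text."""
    body = re.sub(r"-----[^-]+-----|\s+", "", cert_text)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract what Step 2 collects: Issuer, HTTP-POST SSO/SLO URLs and signing certs."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)

    def post_location(service: str):
        # EmpowerID is configured for the HTTPPost protocol, so skip other bindings.
        locs = [s.get("Location") for s in idp.findall(f"md:{service}", NS)
                if s.get("Binding") == HTTP_POST]
        return locs[0] if locs else None

    # A KeyDescriptor with no "use" attribute is valid for both signing and encryption.
    certs = [kd.findtext("ds:KeyInfo/ds:X509Data/ds:X509Certificate", namespaces=NS)
             for kd in idp.findall("md:KeyDescriptor", NS) if kd.get("use", "signing") == "signing"]
    return {"issuer": root.get("entityID"),
            "sso_url": post_location("SingleSignOnService"),
            "slo_url": post_location("SingleLogoutService"),
            "signing_fingerprints": {cert_fingerprint(c) for c in certs if c}}


def downloaded_cert_matches(pem_text: str, meta: dict) -> bool:
    """True when the file downloaded in Step 2 is one of the IdP's published signing certs."""
    return cert_fingerprint(pem_text) in meta["signing_fingerprints"]
```

A mismatch means the wrong file was downloaded or the IdP has rotated its signing certificate, and the upload in this step would leave EID unable to validate Okta's assertions.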

Step 5 – Create a SAML Connection in EmpowerID

  1. On the navbar, expand Apps and Authentication, click SSO Connections, and then click SAML.

  2. The SAML page lists all existing SAML connections. Click the Add New (plus) icon to create a new one.

  3. When selecting a SAML connection type, determine whether the connection will operate as an Identity Provider (IdP) or whether it will use EID as its IdP. In this article, we use the Identity Provider option because we intend to configure Okta to function as the IdP. Select the Default SAML IdP Connection Settings.

    • The Service Provider (SP) is an application or service that relies on EID as an Identity Provider to authenticate users and grant them access. This integration allows the SP to manage user access efficiently using EID.

    • The Identity Provider (IdP) is responsible for authenticating users and providing access permissions for the EmpowerID application. After authentication, it generates SAML assertions for users, which EID then uses to grant or deny access to resources.

  4. Provide the connection details for the SAML connection. Fill in the required fields as outlined in the table below:

    (Settings table included from the excerpt SAMLConnectionGeneral of the page IL:Set Up Okta as IdP.)

  5. Under Identity Provider URL Details, enter the Identity Provider Single Sign-On URL from the Okta SAML application integration.

  6. Under Logout URL, enter the Logout URL and the Logout SAML Protocol used.

    • The Logout URL is the Single Logout (SLO) URL provided by Okta. This URL handles the logout process, ensuring the user's session is terminated in both EmpowerID and Okta.

    • The Logout SAML Protocol is the HTTP method used to send SAML requests. To configure Okta in EID, select the HTTPPost option.

  7. Under Account Information, select whether to create a new Account Directory or use an existing one.

  8. Select the Create a New Account Directory checkbox to create a new account directory.

  9. Alternatively, select an existing account directory.

  10. Under Certificates, please provide the necessary information related to the Certificates for the SAML connection.

    • The Signing Certificate is used by the IdP to digitally sign the SAML assertions and messages it sends to the SP. When receiving these messages, the SP uses the IdP's signing certificate to verify their integrity and authenticity. It should be the public key (the certificate), not a private key.

    • The SP uses the Verifying Certificate to verify the digital signatures on SAML assertions and messages the IdP sends, ensuring that the messages it receives were genuinely signed by the trusted IdP and have not been altered or forged.

  11. Click the Authn Request tab. You can create a new SAML Authentication Request or use an existing one. To create a new one, select Create a New Authentication Request, enter the required details, and click Save.

    (Settings table included from the excerpt SAMLAuthRequest of the page IL:Set Up Okta as IdP.)

You have successfully configured SP-initiated SSO, where users start the login process at EID and are then redirected to Okta for authentication.

Step 6 – Testing the Configuration

Test the configuration by logging in to EmpowerID using your Okta credentials.
