You are viewing an earlier version of the admin guide. For the latest version, please visit EmpowerID Admin Guide v7.211.0.0.


Set Up Okta as IdP


EmpowerID integrates with Okta so that Okta can serve as the Identity Provider (IdP) for EmpowerID. With this integration, users access EmpowerID by authenticating with their Okta SSO credentials. To enable Single Sign-On (SSO), you need to establish a SAML connection within your EID system and then configure the SAML settings in Okta. Follow the instructions below to set Okta as an IdP.

Step 1: Configure SAML in Okta

You can create a SAML app directly from the Okta dashboard to integrate Okta with EID. Follow Okta's relevant documentation to ensure the SAML app is created accurately, and make sure you correctly enter all the information below about EmpowerID in the Okta app.


Step 2: Gather and Verify SAML Attributes

Before you start setting up Okta in EmpowerID, make sure that you have collected the following information and verified the settings in the Okta application.

  • Please preview the Okta SAML integration in Okta and ensure that there are no errors present.

  • Obtain the SAML Issuer URL from the application that you configured earlier in the Okta platform. You will enter it later on the EID side of the integration.

  • Create and download the Signing Certificate from the application configured in Okta so that you can upload it later in the EID portal.
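One way to confirm that the Issuer URL and signing certificate collected above agree with what Okta actually sends, before entering them in EID. This is an added example, not EmpowerID or Okta code. It assumes you have captured a SAML response from your own test sign-in and that the response embeds its certificate in a `ds:X509Certificate` element; the function names, issuer URL and certificate bytes are constructed placeholders. It compares values only and does not verify the XML signature itself.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

def pem_to_der(pem):
    """Strip the PEM armor lines and decode the base64 body to DER bytes."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def sha256_fingerprint(der):
    return hashlib.sha256(der).hexdigest()

def check_preview(response_xml, expected_issuer, downloaded_pem):
    """Return a list of mismatches; an empty list means the response agrees with Step 2."""
    problems = []
    root = ET.fromstring(response_xml)  # run only on a response you captured yourself
    issuers = {(el.text or "").strip() for el in root.iter("{%s}Issuer" % SAML_NS)}
    if issuers != {expected_issuer}:
        problems.append("issuer mismatch: %s" % sorted(issuers))
    certs = [el.text or "" for el in root.iter("{%s}X509Certificate" % DSIG_NS)]
    if not certs:
        problems.append("no signing certificate embedded in the response")
    pinned = sha256_fingerprint(pem_to_der(downloaded_pem))
    for b64 in certs:
        if sha256_fingerprint(base64.b64decode("".join(b64.split()))) != pinned:
            problems.append("embedded certificate differs from the downloaded one")
    return problems

# Constructed sample data: placeholder bytes stand in for a DER certificate,
# and the issuer URL is a made-up value, not a real Okta tenant.
FAKE_DER = b"constructed placeholder bytes, not a real certificate"
FAKE_B64 = base64.b64encode(FAKE_DER).decode()
DOWNLOADED_PEM = "-----BEGIN CERTIFICATE-----\n%s\n-----END CERTIFICATE-----\n" % FAKE_B64
ISSUER = "https://idp.example.test/saml/issuer"
PREVIEW = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' xmlns:saml="%s" xmlns:ds="%s">'
    "<saml:Issuer>%s</saml:Issuer>"
    "<ds:Signature><ds:KeyInfo><ds:X509Data><ds:X509Certificate>%s"
    "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature>"
    "</samlp:Response>"
) % (SAML_NS, DSIG_NS, ISSUER, FAKE_B64)

if __name__ == "__main__":
    print(check_preview(PREVIEW, ISSUER, DOWNLOADED_PEM) or "response matches Step 2 values")
```

A non-empty result means the Issuer URL or certificate you are about to enter in EID does not match the Okta application that produced the response.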

Step 3: Add CORS in EID

You need to configure EmpowerID's Cross-Origin Resource Sharing (CORS) settings to allow Okta's URL to interact with EmpowerID. The URL that you need to add is your Okta URL (also called an Okta domain). Follow the instructions in Configure Web Security Settings to add a CORS URL.

CORS entries in EmpowerID are cached for performance, so you must recycle the environment before the new CORS URL takes effect.

Step 4: Upload Certificate to EID

To configure the authentication request, you must upload the signing certificate that you previously downloaded from the Okta platform. This certificate will be used as the signing certificate. Follow the instructions below to upload the certificate in EID.

  1. On the navbar, expand Apps and Authentication and click SSO Connections. Now click on SSO Components.

  2. Click on the Certificates tab and the (plus) icon to upload a new certificate.

  3. Select 'Upload Certificate', choose the Certificate Owner, and then upload the certificate file you downloaded from Okta.

  4. Click on Save to upload the certificate.

Create a SAML Connection in EID

  1. On the navbar, expand Apps and Authentication and click SSO Connections. Now click on SAML.

  2. You can view all SAML connections and create a new one by clicking the (plus) icon.

  3. When selecting a SAML connection type, it's important to determine whether the connection will operate as an Identity Provider (IdP) or if it will utilize EID as its IdP. In this article, we'll use the Identity Provider option as our example, as we intend to configure Okta to function as the IdP. Please select the Default SAML IdP connection Settings.

    • The Service Provider (SP) is an application or service that depends on the EID as an Identity Provider to authenticate and provide access to users. This integration allows the SP to manage user access efficiently using EID.

    • The Identity Provider (IdP) is responsible for authenticating users and providing access permissions for the EmpowerID application. It generates SAML assertions for users after authentication, which EID then uses to grant or deny access to their resources.

  4. Please provide the connection details for the SAML connection.


  5. Please provide the URL of your Okta instance that will be used for Single Sign-On (SSO) authentication.

  6. Please provide the Logout URL and the Logout SAML HTTP protocol used.

    • The Logout URL is the Single Logout (SLO) URL provided by Okta. This URL will handle the logout process, ensuring that the user's session is terminated in both EmpowerID and Okta.

    • The Logout SAML Protocol is the HTTP method used to send SAML requests. To configure Okta in EID, select the HTTPPost option.

  7. You can create a new account directory or select an existing one.

    • Select the checkbox Create a New Account Directory to create a new account directory.

    • Alternatively, you can choose to select an existing account directory.

  8. Please provide the necessary information related to the Certificates for the SAML connection.

    • The Signing Certificate is used by the IdP to digitally sign the SAML assertions and messages it sends to the SP. When the SP receives these messages, it can use the IdP's signing certificate to verify their integrity and authenticity. It should be the public key.

    • The Verifying Certificate is used by the SP to verify the digital signatures on SAML assertions and messages sent by the IdP. The SP uses the verifying certificate to ensure that the messages it receives are genuinely signed by the trusted IdP and that they haven't been altered or forged.

  9. Click on the Authn Request tab and select Create a New Authentication Request. You have the option to create a new one or use an existing SAML Authentication Request. Enter the required details to create a new authentication request.
