Skip to main content
Sign in

Okta SAML settings example

Ryan Barnes
  • Updated

For detailed information regarding Okta SAML setup within Okta's application, please refer to the following guide: 

Create a SAML integration using AIW | Okta


Use the SAML Service Provider Metadata XML file provided by Swank to import our configuration into your SAML Provider. You can download the file here.

 

Step 1 – Configure Okta SAML integration

Please find examples below of successful Okta SAML settings. Please treat these settings as a starting template. The URLs listed are specific and accurate. The other values in these settings may vary by application. 

Before you create a new SAML integration in Okta:

  • Determine the default Assertion Consumer Service (ACS) URL for your integration. This is often referred to as the SP sign-in URL. This is the endpoint on your application where the SAML responses are posted.
  • Find your Audience URI. This is sometimes referred to as the SP Entity ID or the Entity ID of your application
  • (Optional). Set up a Default Relay State page, where users land after they successfully sign in to the SP using SAML. This must be a valid URL.
    • Leave this blank

  • Gather any required SAML attributes. You can choose to share Okta user profile field values as SAML attributes with your application.
    • You will need to determine your defining attribute(s) to grant user permissions upon signing in. Then map those attributes to the appropriate Roles within the Swank Admin portal

Please refer to the settings below: 

Single Sign On URL https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn
Recipient URL https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn
Destination URL https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn
Audience Restriction https://digitalcampus.swankmp.net
Default Relay State  
Name ID Format EmailAddress (this may vary for your specific application)
Response Signed
Assertion Signature Signed
Signature Algorithm RSA_SH256
Digest Algorithm

SHA256
Assertion Encryption

Unencrypted
SAML Single Logout

Disabled
authnContextClassRef

PasswordProtectedTransport
Honor Force Authentication

Yes

None (Disabled)
SAML Issuer ID

http://www.okta.com/$(org.externalKey)

 Attribute may vary by application. 

mceclip0.png

 

 

Step 2 – Configure Digital Campus SAML Authentication

  1. Log Into your Digital Campus portal and select the Admin section
  2. Before proceeding further, if you do not see "SAML External" in the left menu under Authentication, You will need to request your Authentication mode be changed to SAML. Please ask your Account Manager to revised this, then proceed as follows
    mceclip0.png
  3. Select Authentication / SAML External
    1. Load Settings
      1. In Okta, Click < > Preview the SAML Assertion to view the XML generated from the Configure SAML section of the SAML App Wizard, and save the XML file
        mceclip10.png
      2. Click the Select button and Choose the XML File downloaded in the Step 1.10 and then Save. This will populate the majority of the data we need in the Digital Campus application.
        mceclip6.png
      3. Signon Tab - Confirm SingleSignOnServiceUrl = Okta Login URL and uncheck: WantAssertionSigned, WantAssertionOrResponseSigned, and WantAssetionEncrypted .

        mceclip0.png

      4. Miscellaneous Tab - Confirm PartnerName/EntityID = Okta Identifier
        mceclip1.png

      5. Certificates Tab -Confirm Partner Certificate was loaded
        mceclip2.png

      6. Save Settings - Click “Save all Settings” before proceeding.
        mceclip17.png
      7. Test Login Attributes Tab / Test
        mceclip18.png
        1. This should trigger the SAML authentication and once complete lands on the site with this screen:
          mceclip13.png
      8. Close the browser and then Log back into the Digital Campus Portal Admin section
      9. You should now see the SAML Test Results:
        mceclip3.png
        We should now be ready to configure roles.
      10. Roles Tab / Click Add Role
        1. Enter the SAML Role Mapping that you want to use from Test Results.

          Example:  To map email domain to User role in the application:
          mceclip6.png

          Example: To add map specific email addresses to Instructor and Administrator roles.
        2. mceclip4.png


          *For VIRTUAL SCREENINGS, only User level permission is required. We find most schools can use a single role mapping the email attribute to the entire email domain(s). Example below: 
          Name = urn:oid:0.9.2342.19200300.100.1.3
          Value = @schooldomain.edu (replace this with your school's actual email domain. "@" needs to lead the domain)
          Role = User

                You should now be able to test all these login combinations on the site.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk