For detailed information regarding Okta SAML setup within Okta's application, please refer to the following guide:
Create a SAML integration using AIW | Okta
Use the SAML Service Provider Metadata XML file provided by Swank to import our configuration into your SAML Provider. You can download the file here.
Step 1 – Configure Okta SAML integration
Please find examples below of successful Okta SAML settings. Please treat these settings as a starting template. The URLs listed are specific and accurate. The other values in these settings may vary by application.
Before you create a new SAML integration in Okta:
- Determine the default Assertion Consumer Service (ACS) URL for your integration. This is often referred to as the SP sign-in URL. This is the endpoint on your application where the SAML responses are posted.
- Find your Audience URI. This is sometimes referred to as the SP Entity ID or the Entity ID of your application.
- (Optional) Set up a Default Relay State page, where users land after they successfully sign in to the SP using SAML. This must be a valid URL.
- Leave this blank
- Gather any required SAML attributes. You can choose to share Okta user profile field values as SAML attributes with your application.
- You will need to determine your defining attribute(s) to grant user permissions upon signing in. Then map those attributes to the appropriate Roles within the Swank Admin portal.
Please refer to the settings below:
Single Sign On URL | https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn |
Recipient URL | https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn |
Destination URL | https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn |
Audience Restriction | https://digitalcampus.swankmp.net |
Default Relay State | |
Name ID Format | EmailAddress (this may vary for your specific application) |
Response | Signed |
Assertion Signature | Signed |
Signature Algorithm | RSA_SHA256 |
Digest Algorithm | SHA256 |
Assertion Encryption | Unencrypted |
SAML Single Logout | Disabled |
authnContextClassRef | PasswordProtectedTransport |
Honor Force Authentication | Yes None (Disabled) |
SAML Issuer ID | http://www.okta.com/$(org.externalKey) |
Attributes may vary by application.
We strongly recommend using the following standardized names for these attributes:
urn:oid:2.5.4.42 > user.firstName
urn:oid:2.5.4.4 > user.lastName
urn:oid:0.9.2342.19200300.100.1.3 > user.email
Please refer to the images above as an example. Using the standard urn:oid: attribute names will allow us to recognize this information and automatically populate the account details for any Instructor and Admin level accounts.
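To confirm that Okta is actually sending what the settings and attribute names above describe, decode a SAML response captured from a test sign-in and compare it field by field. The Python sketch below is an added example, not Swank or Okta code; it assumes the standard SAML 2.0 and XML-DSig URIs for the EmailAddress, RSA-SHA256 and SHA256 options, runs on a constructed sample, and only inspects values (it does not verify the signature).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS = "https://digitalcampus.swankmp.net/saml/ReceiveSingleSignOn"
AUD = "https://digitalcampus.swankmp.net"
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # assumed URI for EmailAddress
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# (setting from the table, path under <Response>, XML attribute or None for text, expected)
EXPECTED = [("Destination URL", ".", "Destination", ACS),
            ("Recipient URL", ".//a:SubjectConfirmationData", "Recipient", ACS),
            ("Audience Restriction", ".//a:Audience", None, AUD),
            ("Name ID Format", ".//a:NameID", "Format", EMAIL_FMT),
            ("Signature Algorithm", ".//ds:SignatureMethod", "Algorithm", RSA_SHA256),
            ("Digest Algorithm", ".//ds:DigestMethod", "Algorithm", SHA256)]
OIDS = {"urn:oid:2.5.4.42", "urn:oid:2.5.4.4", "urn:oid:0.9.2342.19200300.100.1.3"}

def check_response(xml_text):
    """Compare a decoded SAML Response with the settings table; return mismatches."""
    root = ET.fromstring(xml_text)
    problems = []
    for label, path, attr, want in EXPECTED:
        node = root if path == "." else root.find(path, NS)
        got = None if node is None else node.get(attr) if attr else (node.text or "").strip()
        if got != want:
            problems.append(f"{label}: expected {want!r}, got {got!r}")
    if root.find(".//a:EncryptedAssertion", NS) is not None:
        problems.append("Assertion Encryption: expected Unencrypted")
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    problems += [f"Attribute name missing: {oid}" for oid in sorted(OIDS - names)]
    return problems

# Constructed sample (not a real capture): the e-mail attribute is sent as "email".
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" xmlns:ds="{NS['ds']}"
 Destination="{ACS}"><a:Assertion><ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="{RSA_SHA256}"/><ds:Reference>
<ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature>
<a:Subject><a:NameID Format="{EMAIL_FMT}">user@example.edu</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/>
</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>
<a:Audience>{AUD}</a:Audience></a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="urn:oid:2.5.4.42"/>
<a:Attribute Name="urn:oid:2.5.4.4"/><a:Attribute Name="email"/>
</a:AttributeStatement></a:Assertion></p:Response>"""

if __name__ == "__main__":
    print("\n".join(check_response(SAMPLE)) or "matches the table")
```

An empty result means the response lines up with the table; each listed mismatch names the Okta setting to revisit.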
Step 2 – Configure Digital Campus SAML Authentication
- Refer to the following article to continue setup in the Swank Cloud Streaming Admin:
Configuring Swank Cloud Streaming SAML Authentication