Follow this guide to use SAML 2.0 with Okta to connect to Mursion
Introduction
This guide provides information on how to configure SAML 2.0 integration between Mursion and Okta.
Supported Features
The Mursion and Okta SAML 2.0 integration currently supports the following features:
- SP-initiated SSO
- JIT (Just In Time) Provisioning
Configuration Steps
Add Mursion App Integration in Okta
- In Okta, browse the App Integration Catalog and search for Mursion.
- Click the Add Integration button on the Mursion app details page.
- On the General Settings tab:
- Application Visibility: Check both Do not display application icon checkboxes. A Bookmark Application will be added later that will be displayed to users.
- Click the Next button.
- On the Sign-On Options tab:
- In the Sign on methods section,
- Leave SAML 2.0 selected.
- Click the View Setup Instructions button to open the configuration page to display the settings that will be used in subsequent steps when creating the SSO Configuration in Mursion Portal.
- In the Advanced Sign-on Settings section,
- Environment: Select the appropriate Environment - Staging or Production.
- SSO Configuration ID: Leave this blank for now as it will be added in a later step.
- In the Credentials Details section,
- Application username format: Select Email
- Click the Done button.
- In the Sign on methods section,
- Complete the steps in the following section to create a SSO Configuration in Mursion Portal.
Create SSO Configuration in Mursion Portal
- Sign in to Mursion Portal.
- Select Settings on the top menu then select the SSO sub-tab.
- Click Create SSO Configuration.
- Please review this note about Claim fields, then, in the New SSO Configuration dialog, enter the following:
- Protocol: Select SAML 2.0.
- Configuration Name: Enter a descriptive name of your choice.
- Single Sign On Service Endpoint: Enter or copy and paste the Identity Provider’s Single Sign On Service Endpoint.
- Logout Endpoint: Enter the following URL, replacing yourOktaDomain with your Okta domain - https://${yourOktaDomain}/login/signout.
- Entity ID: Enter or copy and paste the Identity Provider’s Entity ID.
- X.509 Certificate: Copy and paste the PEM formatted text of the Okta certificate that will be used to verify SAML responses. Make sure to include the -----BEGIN CERTIFICATE----- header and
- -----END CERTIFICATE----- footer.
- Email Claim Name: Enter email.
- First Name Claim Name: Enter firstName.
- Last Name Claim Name: Enter lastName.
- Single Logout Enabled: Optionally, check this option to initiate a request to end the Okta user’s session when the user’s Mursion Portal session ends due to explicit logout or session timeout.
- Team Claim Name: Optionally, to externally manage team assignment through a SAML user attribute, specify the name of the attribute that contains the value that should be used to assign users to a Mursion Portal team.
- Team Mapping: If a Team Clain Name is specified, click the Add + button to add a mapping. Select a Mursion Portal team from the Team drop-down. Enter the value of the attribute that should be mapped to the Portal team. To remove a mapping, click the x on the right of the mapping.
- Click Create SSO Configuration.
- Click the newly created SSO Configuration.
- On the Edit SSO Configuration dialog,
- Copy the ID value which is the SSO Configuration ID. Save the SSO Configuration ID to be entered in the Mursion Okta app in a subsequent step.
- Copy the SP Initiated SSO URL. Save the URL to be entered in the Mursion Okta app in a subsequent step.
- Click the Cancel button to close the Edit SSO Configuration dialog.
- Complete the steps in the next section to add the SSO Configuration ID to the Mursion app in Okta.
Add SSO Configuration ID to Mursion App
- In Okta, select the Mursion SAML app.
- Select the Sign On tab and click Edit.
- In the Advanced Sign-on Settings section,
- SSO Configuration ID: Paste the SSO Configuration ID that was copied from the SSO Configuration in Mursion Portal
- Click the Save button.
- Complete the steps in the following section to add a bookmark application for Mursion.
Adding a Bookmark Application for Mursion
- Refer to the Bookmark Application documentation and add a Bookmark application for Mursion.
- On the General Settings tab:
- Application label: Enter Mursion as the label for the application.
- URL: Enter the SP Initiated SSO URL that was copied from Mursion Portal.
- Edit the Bookmark App’s logo and change it to the Mursion logo (right click and save as png):