Configuring SAML 2.0 with Okta

Follow this guide to use SAML 2.0 with Okta to connect to Mursion.

Introduction

This guide provides information on how to configure SAML 2.0 integration between Mursion and Okta.

Supported Features

The Mursion and Okta SAML 2.0 integration currently supports the following features:

  • SP-initiated SSO
  • JIT (Just In Time) Provisioning

Configuration Steps

  1. Sign in to Mursion Portal.
  2. Select Settings on the top menu then select the SSO sub-tab.
  3. Click Create SSO Configuration.
  4. On the New SSO Configuration dialog, enter the following:
    1. Protocol: Select SAML 2.0.
    2. Configuration Name: Enter a descriptive name of your choice.
    3. Single Sign-On Service Endpoint: Enter or copy and paste the Identity Provider Single Sign-On URL. 
    4. Logout Endpoint: Enter https://${yourOktaDomain}/login/signout, replacing ${yourOktaDomain} with your Okta domain.
    5. Entity ID: Enter or copy and paste the Identity Provider Issuer.
    6. X.509 Certificate: Copy and paste the PEM formatted text of the Okta certificate that will be used to verify SAML responses. Make sure to include the -----BEGIN CERTIFICATE----- header and -----END CERTIFICATE----- footer.
    7. Email Claim Name: Enter email.
    8. First Name Claim Name: Enter firstName.
    9. Last Name Claim Name: Enter lastName.
    10. Single Logout Enabled: Optionally, check this option to initiate a request to end the Okta user’s session when the user’s Mursion Portal session ends due to explicit logout or session timeout.
    11. Team Claim Name: Optionally, to externally manage team assignment through a SAML user attribute, specify the name of the attribute that contains the value that should be used to assign users to a Mursion Portal team.
    12. Team Mapping: If a Team Claim Name is specified, click the Add + button to add a mapping. Select a Mursion Portal team from the Team drop down. Enter the value of the attribute that should be mapped to the Portal team. To remove a mapping, click the x on the right of the mapping.
  5. Click Create SSO Configuration.
  6. Click the newly created SSO Configuration.
  7. On the Edit SSO Configuration dialog:
    1. Click Download SP Metadata. Save the metadata XML file.
    2. Click to copy the SP Initiated SSO URL. Save the URL to be entered in Okta in a subsequent step.
  8. In Okta, add a new application. Click Create New App.
  9. On the Create a New Application Integration dialog:
    1. Platform: Select Web.
    2. Sign on method: Select SAML 2.0.
  10. On the General Settings tab:
    1. App Name: Enter a name of your choice for the application.
    2. Application Visibility: Check both Do not display application icon options. A Bookmark Application will be added later that will be displayed to users. 
  11. On the Configure SAML tab: 
    1. Single sign-on URL: Copy and paste the AssertionConsumerService Location from the SP Metadata file.
    2. Audience URI (SP Entity Id): Copy and paste the entityID from the SP Metadata file.
    3. Application username: Select Email.
    4. Attribute Statements: Add the following attributes:
      1. Name: email Value: user.email
      2. Name: firstName Value: user.firstName
      3. Name: lastName Value: user.lastName
  12. Click Finish.
  13. Complete the steps in the following section to add a bookmark application for Mursion.
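
The two values that step 11 takes from the SP Metadata file can be extracted and sanity-checked with a short script instead of being copied by hand. This is an added example, not Mursion or Okta code: the sample metadata, its sp.example.test host and the function name are constructed for illustration, and it assumes the metadata lists an HTTP-POST AssertionConsumerService endpoint.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample; host and paths are placeholders, not Mursion's real values.
SAMPLE_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://sp.example.test/saml/slo"/>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def okta_values_from_sp_metadata(xml_text):
    """Return the Okta 'Configure SAML' values, rejecting malformed or non-HTTPS data."""
    # Input is the file you downloaded from your own portal; do not feed untrusted XML here.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    entity_id = root.get("entityID")
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    acs = root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)
    post = [e for e in acs if e.get("Binding") == POST_BINDING]
    if not post:
        raise ValueError("no HTTP-POST AssertionConsumerService in metadata")
    # Prefer the endpoint flagged isDefault, otherwise the lowest index.
    post.sort(key=lambda e: (e.get("isDefault") not in ("true", "1"),
                             int(e.get("index", "0"))))
    location = post[0].get("Location", "")
    if urlparse(location).scheme != "https":
        raise ValueError("ACS Location is not HTTPS: %r" % location)
    return {"single_sign_on_url": location, "audience_uri": entity_id}


if __name__ == "__main__":
    for field, value in okta_values_from_sp_metadata(SAMPLE_SP_METADATA).items():
        print(f"{field}: {value}")
```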

Adding a Bookmark Application for Mursion 

  1. Refer to the Bookmark Application documentation and add a Bookmark application for Mursion.
  2. On the General Settings tab:
    1. Application label: Enter Mursion as the label for the application.
    2. URL: Enter the SP Initiated SSO URL that was copied from Mursion Portal.
  3. Edit the Bookmark App’s logo and change it to the Mursion logo (this link can be used to download the Mursion logo).