Using Okta SAML 2.0 to authenticate access to Certero | v8.1

Enabling users to access Certero with Okta SAML 2.0 involves two parts: creating an app integration in the Okta developer portal and configuring an Authentication Provider in Certero.

Information from one stage is required to complete the other stage, so please ensure no steps are missed.

Creating the Certero Authentication Provider

In the Certero Unified Platform, navigate to Administration > Authentication Providers and click '+ New'. Use the drop-down to select 'SAML 2.0' as the 'Type' and enter a name for the provider (e.g. 'Okta SAML 2.0'). Enter a temporary value for the 'Metadata Url' (e.g. 'Anything') and click 'Save'. This temporary value is replaced with the real Okta metadata link in part 2.

Now right-click on the newly created authentication provider and select 'Actions > View Endpoints'.

Click the copy button to copy the 'Single Sign On Url'.

Creating the Okta App Integration

Log in to the Okta developer portal, select 'Application' from the menu and click 'Create App Integration'. Select SAML 2.0 and click 'Next'.

Enter a name for the app (e.g. 'Certero') and click 'Next'.

Paste the copied 'Single Sign On Url' into the 'Single sign on URL' field and ensure 'Use this for Recipient URL and Destination URL' is checked. Enter the 'Audience URI (SP Entity ID)' (e.g. 'Certero'); this must match the Application ID entered when updating the Authentication Provider in Certero later. Now select 'EmailAddress' for the 'Name ID format' and 'Email' for the 'Application username', then click 'Next'.

Select 'I'm a software vendor. I'd like to integrate my app with Okta' and click 'Finish'.

Next, right-click on the 'Identity Provider metadata' hyperlink and select 'Copy link'.

Finally, grant access to the app by selecting 'Assign Users to App'.

Creating the Certero Authentication Provider - part 2

Open the properties of the newly created authentication provider and paste the copied 'Identity Provider metadata' link into the 'Metadata Url', replacing the temporary value. Enter the 'Application ID' to match what was entered for 'Audience URI (SP Entity ID)' in the Okta App Integration earlier, then click 'Save'.

Logins can now be created by selecting 'External Account' and entering the user's email address in the 'Username' field.