Okta SAML SSO

Overview

HYPR and Okta have partnered to deliver true passwordless authentication to the enterprise.

This document provides a step-by-step introduction for configuring Okta to work with HYPR. In this guide HYPR will be set up as both a SAML-SP and a SAML-IdP for Okta.

The HYPR SAML-SP configuration is configured to allow users to authenticate with Okta into the HYPR Registration Portal.

The HYPR SAML-IdP configuration allows HYPR to act as a passwordless frontend for Okta. Users can authenticate with HYPR to get access directly into their Okta portal.

HYPR Service Provider (SP) Configuration

  1. Log into your Okta administration portal.
804804
  1. Go To Applications on the top menu and click 'Add Application'.
806806
  1. In the create application screen, select 'Create New Application'. Select 'Web' as the platform and 'SAML 2.0' as the Sign on method then click the 'Create' button.
816816
  1. Give your app a name and click the 'Next' button. You can also optionally provide an App logo here, which will display as an icon in the user's portal.
727727
  1. On the Configure SAML screen, put in the HYPR Single Sign On URL. This will be your HYPR environment URL with /hyprsp/saml/SSO at the end of it. An example of this is: https://example.hypr.com/hyprsp/saml/SSO. This is the URL that consumes SAML messages on the HYPR Service Provider.

Also, provide the Audience URI/SP Entity ID. For HYPR, this will be http://mock-sp

Press the 'Next' button after leaving the other values as defaults.

725725
  1. Select the 'I'm an Okta customer adding an internal app' option from the 'Are you a customer or partner?' selection and click 'Finish'.
714714
  1. Copy your Identity Provider metadata URL, and provide this to the HYPR team.
729729
  1. Click the 'View Setup Instructions' link on the next page to proceed to the information required for HYPR to complete the SAML integration.
797797
  1. Copy the Identity Provider Single Sign-On URL and the X.509 Certificate and paste it into your HYPR SP configuration file. This file is provided by the HYPR deployment team. Your HYPR team can finish the HYPR SAML configuration with this information.
974974

HYPR Identity Provider (IdP) Configuration

  1. Log into your Okta Service Portal. Select 'Identity Providers' under the Security drop-down menu.
814814
  1. Select 'Add Identity Provider' and select 'SAML 2.0 IdP'.
537537
  1. Within the configuration settings for this Identity Provider input the following configuration:
764764
ParameterValue
NameAny value, utilized to identify the Identity Provider by an Okta admin following creation.
764764
ParameterValue
IdP Usernameidpuser.subjectNameid
Match againstOkta Username
If no match is foundRedirect to Okta sign-in page
772772
ParameterValue
IdP Issuer URIhttp://hypr-idp
IdP Single Sign-on URLThe Single Sign-On URL which will be your IDP domain with /hypridp/SingleSignOnService.

Example: https://example.hypr.com/hypridp/SingleSignOnService
IdP Signature CertificateUpload the IdP certificate provided by the HYPR team.