Okta SAML SSO
Overview
HYPR and Okta have partnered to deliver true passwordless authentication to the enterprise.
This document provides a step-by-step introduction for configuring Okta to work with HYPR. In this guide, HYPR will be set up as both a SAML-SP and a SAML-IdP for Okta.
The HYPR SAML-SP configuration allows users to authenticate with Okta into the HYPR Registration Portal.
The HYPR SAML-IdP configuration allows HYPR to act as a passwordless frontend for Okta. Users can authenticate with HYPR to get access directly into their Okta portal.
HYPR Service Provider (SP) Configuration
- Log into your Okta administration portal.

- Go to Applications on the top menu and click 'Add Application'.

- In the create application screen, select 'Create New Application'. Select 'Web' as the platform and 'SAML 2.0' as the Sign on method, then click the 'Create' button.

- Give your app a name and click the 'Next' button. You can also optionally provide an App logo here, which will display as an icon in the user's portal.

- On the Configure SAML screen, put in the HYPR Single Sign On URL. This will be your HYPR environment URL with /hyprsp/saml/SSO at the end of it. An example of this is: https://example.hypr.com/hyprsp/saml/SSO.
This is the URL that consumes SAML messages on the HYPR Service Provider.
Also, provide the Audience URI/SP Entity ID. For HYPR, this will be http://mock-sp
Press the 'Next' button after leaving the other values as defaults.

- Select the 'I'm an Okta customer adding an internal app' option from the 'Are you a customer or partner?' selection and click 'Finish'.

- Copy your Identity Provider metadata URL, and provide this to the HYPR team.

- Click the 'View Setup Instructions' link on the next page to proceed to the information required for HYPR to complete the SAML integration.

- Copy the Identity Provider Single Sign-On URL and the X.509 Certificate and paste them into your HYPR SP configuration file. This file is provided by the HYPR deployment team. Your HYPR team can finish the HYPR SAML configuration with this information.

HYPR Identity Provider (IdP) Configuration
- Log into your Okta Service Portal. Select 'Identity Providers' under the Security drop-down menu.

- Select 'Add Identity Provider' and select 'SAML 2.0 IdP'.

- Within the configuration settings for this Identity Provider input the following configuration:

Parameter | Value |
---|---|
Name | Any value, utilized to identify the Identity Provider by an Okta admin following creation. |

Parameter | Value |
---|---|
IdP Username | idpuser.subjectNameid |
Match against | Okta Username |
If no match is found | Redirect to Okta sign-in page |

Parameter | Value |
---|---|
IdP Issuer URI | http://hypr-idp |
IdP Single Sign-on URL | The Single Sign-On URL, which will be your IdP domain with /hypridp/SingleSignOnService. Example: https://example.hypr.com/hypridp/SingleSignOnService |
IdP Signature Certificate | Upload the IdP certificate provided by the HYPR team. |
Updated about 2 years ago