Single Sign On

Okta



Notes

These instructions are accurate as of May 2015. As Okta may make changes to their user interface at any time you may find that some aspects of this step by step such as button and screen names may not align completely with the Okta app. If you notice any misalignment, please let us know so that we can keep these instructions as up to date and accurate as possible.


Prerequisites

  1. You must have an Okta Administrator account


Step 1 - Configure Skills Base SSO (Part 1)


  1. Log in to Skills Base as an Administrator
  2. From the left side of menu, select [Administration > Authentication]
  3. On the Authentication page in the Identity Providers section, select Add identity provider.
  4. Click Add to use the default settings.
  5. In the Application Details panel, next to SAML SP Metadata, select Download XML File and save the resulting file on your computer.


Step 2 - Configure Okta

1. Go to the Administrator dashboard

2. Click the "Applications" tab

3. Click "Add Application"

4. Click the green "Create New App" button:

5. Select "SAML 2.0" from the popup dialogue and click "Create":

6. For "App name" enter "Skills Base"

7. Under "App visibility" make sure both boxes are ticked (ie: "Do not display application icon to users" and "Do not display application icon in the Okta Mobile app"), then click "Next"

8. Under "A - SAML Settings" click "Show advanced settings" and enter the following details:

Single sign on URL To get this value:
  1. Use a text editor to open the Skills Base metadata file that you downloaded in step 1
  2. Look for the tag that starts with:
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
  3. Copy the URL from the “Location” attribute of the above tag. It should start with https://saml.skills-base.com/....
  4. Paste the URL you copied into this field
Use this for Recipient URL and Destination URL (Tick)
Audience URI (SP Entity ID) To get this value:
  1. Use a text editor to open the Skills Base metadata file that you downloaded in step 1
  2. Look for the tag that starts with:
    <md:EntityDescriptor
  3. Copy the value from the “entityID” attribute of the above tag.
  4. Paste the value you copied into this field

Default RelayState https://saml.skills-base.com/module.php/saml/sp/saml2-logout.php/
Name ID format Transient
Application username Email
Response Signed
Assertion Signature Signed
Signature Algorithm RSA-SHA256
Digest Algorithm SHA256
Assertion Encryption Unencrypted
Authentication context class X.509 Certificate
Request compression Uncompressed
Honor Force Authentication Yes
Attribute statements GivenName, Basic, user.firstName

Surname, Basic, user.lastName

Email, Basic, user.email

9. Click "Next"

10. You will now need to assign people to the application. Click the "People" tab, then "Assign Application", then select the relevant people for testing. Later you can amend this to include all of the people you would like to access Skills Base.

11. You can now download the Okta metadata for use in configuring Skills Base in the next step. Click the "Sign on" tab of the Skills Base app you created and then click the "Identity Provider Metadata" link to download the metadata.


Additional steps if you are using Okta as a portal

If you are using Okta as a portal to access multiple services you will note that we hid the Skills Base app you created in step 7. This is because you can't access Skills Base via the Okta sign in link. You must access Skills Base using your Skills Base shortcut link which will redirect you to Okta for sign in. For this reason if you are using Okta as a portal and want your end users to have the ability to access Skills Base by clicking the Skills Base item in Okta, you can follow the next steps:

1. Go to the Administrator dashboard (located at /admin)

2. Click the "Applications" menu item

3. Click "Add Application"

4. Click the green "Create New App" button

5. Find the "Bookmark App" app and select it.

6. For "Application label" enter "Skills Base"

7. For "URL" enter your Skills Base shortcut link

8. Ensure all of the other checkboxes are not ticked and click "Next"

9. Assign the people you would like to access Skills Base.

10. Click "Done"


Step 3 - Configure Skills Base SSO (Part 2)


  1. Return to Skills Base and select [Administration > Authentication] from the left hand menu.
  2. In the Identity Providers section, select the edit button (denoted by a pencil icon) for the Identity Provider record you added.
  3. In the Edit identity provider panel, for SAML IdP Metadata select Upload an XML file
  4. Click Browse to choose a file. Select the Federation Metadata XML file that you downloaded from Okta and click Save.
  5. In the Authentication panel, for Single Sign-On select the Identity Provider you added
  6. Make sure the option to bypass the Skills Base login screen is deselcted for now. You can enable this option later, once the integration is proved to be working.
  7. If you would like to enable Just In Time user provisioning, enable the Automatic user account provisioning option.
  8. click Save changes.


The Identity Provider you added in the Identity Providers panel should now have a green Enabled badge in the Status column.


Step 4 - Test

1. Log out of Skills Base

2. Use your shortcut link to access your Skills Base instance.

3. You should be taken to the Okta login page

4. Once you have successfully authenticated to Okta you should be signed into Skills Base.


Accessing Skills Base via Single Sign On

To access Skills Base via Okta Sign On, use your Skills Base shortcut link. You will automatically be redirected to Okta for authentication.