Single Sign On
These instructions are accurate as of May 2015. Because Okta may change its user interface at any time, some details in this step-by-step guide, such as button and screen names, may not match the Okta app exactly. If you notice any discrepancy, please let us know so that we can keep these instructions as up to date and accurate as possible.
- You must have an Okta Administrator account
Step 1 - Configure Skills Base SSO (Part 1)
- Log in to Skills Base as an Administrator
- From the left-hand menu, select [Administration > Authentication]
- On the Authentication page in the Identity Providers section, select Add identity provider.
- Click Add to use the default settings.
- In the Application Details panel, next to SAML SP Metadata, select Download XML File and save the resulting file on your computer.
2. Click the "Applications" tab
3. Click "Add Application"
4. Click the green "Create New App" button:
5. Select "SAML 2.0" from the popup dialogue and click "Create":
6. For "App name" enter "Skills Base"
7. Under "App visibility" make sure both boxes are ticked (i.e. "Do not display application icon to users" and "Do not display application icon in the Okta Mobile app"), then click "Next"
8. Under "A - SAML Settings" click "Show advanced settings" and enter the following details:
| Single sign on URL | To get this value: |
| Use this for Recipient URL and Destination URL | (Tick) |
| Audience URI (SP Entity ID) | To get this value: |
| Name ID format | Transient |
| Authentication context class | X.509 Certificate |
| Honor Force Authentication | Yes |
| Attribute statements | GivenName, Basic, user.firstName |
| | Surname, Basic, user.lastName |
| | Email, Basic, user.email |
9. Click "Next"
10. You will now need to assign people to the application. Click the "People" tab, then "Assign Application", then select the relevant people for testing. Later you can amend this to include all of the people you would like to access Skills Base.
11. You can now download the Okta metadata for use in configuring Skills Base in the next step. Click the "Sign on" tab of the Skills Base app you created and then click the "Identity Provider Metadata" link to download the metadata.
Additional steps if you are using Okta as a portal
If you are using Okta as a portal to access multiple services, you will note that we hid the Skills Base app you created in step 7. This is because you can't access Skills Base via the Okta sign-in link. You must access Skills Base using your Skills Base shortcut link, which will redirect you to Okta for sign-in. For this reason, if you are using Okta as a portal and want your end users to be able to access Skills Base by clicking the Skills Base item in Okta, follow these steps:
1. Go to the Administrator dashboard (located at /admin)
2. Click the "Applications" menu item
3. Click "Add Application"
4. Click the green "Create New App" button
5. Find the "Bookmark App" app and select it.
6. For "Application label" enter "Skills Base"
7. For "URL" enter your Skills Base shortcut link
8. Ensure all of the other checkboxes are not ticked and click "Next"
9. Assign the people you would like to access Skills Base.
10. Click "Done"
Step 3 - Configure Skills Base SSO (Part 2)
- Return to Skills Base and select [Administration > Authentication] from the left-hand menu.
- In the Identity Providers section, select the edit button (denoted by a pencil icon) for the Identity Provider record you added.
- In the Edit identity provider panel, for SAML IdP Metadata select Upload an XML file.
- Click Browse to choose a file. Select the Federation Metadata XML file that you downloaded from Okta and click Save.
- In the Authentication panel, for Single Sign-On select the Identity Provider you added.
- Make sure the option to bypass the Skills Base login screen is deselected for now. You can enable this option later, once the integration is proved to be working.
- If you would like to enable Just In Time user provisioning, enable the Automatic user account provisioning option.
- Click Save changes.
The Identity Provider you added in the Identity Providers panel should now have a green Enabled badge in the Status column.
1. Log out of Skills Base
2. Use your shortcut link to access your Skills Base instance.
3. You should be taken to the Okta login page
4. Once you have successfully authenticated to Okta you should be signed into Skills Base.
To access Skills Base via Okta Sign On, use your Skills Base shortcut link. You will automatically be redirected to Okta for authentication.