SSO - Okta SAML

Use the following recommended settings when configuring StatusDashboard to authenticate against Okta.

Okta Settings

StatusDashboard - Administrator

To configure Okta to authenticate StatusDashboard administrators, log in to your Okta account and create a new Okta app using the settings listed below. Once the app has been configured, view the Okta setup instructions for the app to obtain the Identity Provider Single Sign-On URL, Identity Provider Issuer and X.509 Certificate. Enter these values into the StatusDashboard configuration at Security > Single Sign-On > Options > SAML SSO (Admin) in the Identity Provider (IdP) section.

Okta Configuration Setting

| Setting | Description |
| --- | --- |
| Single Sign on URL | Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Admin) and look for the Assertion Consumer Service (ACS) field under Service Provider. Enter this value in the Okta configuration field and leave the option "Use this for Recipient URL and Destination URL" checked. |
| Audience URI (SP Entity ID) | Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Admin) and look for the Entity ID / Issuer field under Service Provider. Enter this value in the Okta configuration field. |
| Default RelayState | Leave Blank |
| Name ID format | EmailAddress |
| Application username | Email |
| Response | Signed |
| Assertion Signature | Signed |
| Signature Algorithm | RSA-SHA256 |
| Digest Algorithm | SHA256 |
| Assertion Encryption | Unencrypted |
| Enable Single Logout | Disabled |
| Authentication context class | PasswordProtectedTransport |
| Honor Force Authentication | Yes |
| SAML Issuer ID | Leave Default Setting |


StatusDashboard - Dashboard

To configure Okta to authenticate your customers/users against your status dashboard, log in to your Okta account and create a new Okta app using the settings listed below. Once the app has been configured, view the Okta setup instructions for the app to obtain the Identity Provider Single Sign-On URL, Identity Provider Issuer and X.509 Certificate. Enter these values into the StatusDashboard configuration at Security > Single Sign-On > Options > SAML SSO (Dashboard) in the Identity Provider (IdP) section.

Okta Configuration Setting

| Setting | Description |
| --- | --- |
| Single Sign on URL | Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Dashboard) and look for the Assertion Consumer Service (ACS) field under Service Provider. Enter this value in the Okta configuration screen and leave the option "Use this for Recipient URL and Destination URL" checked. |
| Audience URI (SP Entity ID) | Log in to StatusDashboard, browse to Security > Single Sign-On > Options > SAML SSO (Dashboard) and look for the Entity ID / Issuer field under Service Provider. Enter this value in the Okta configuration screen. |
| Default RelayState | Leave Blank |
| Name ID format | EmailAddress |
| Application username | Email |
| Response | Signed |
| Assertion Signature | Signed |
| Signature Algorithm | RSA-SHA256 |
| Digest Algorithm | SHA256 |
| Assertion Encryption | Unencrypted |
| Enable Single Logout | Disabled |
| Authentication context class | PasswordProtectedTransport |
| Honor Force Authentication | Yes |
| SAML Issuer ID | Leave Default Setting |
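
To confirm that an Okta app built from either settings list above emits what those settings specify, the following added example (not StatusDashboard or Okta code) inspects a decoded SAML Response for a signed Response and Assertion, RSA-SHA256 / SHA256, the EmailAddress Name ID format and the PasswordProtectedTransport context class. It checks structure only, not signature validity; audit_saml_response and sample_response are hypothetical names and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"  # Signature Algorithm
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"                # Digest Algorithm
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"  # Name ID format
PPT = "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"

def _sig_findings(parent, label):
    # Only a ds:Signature that is a direct child of `parent` counts for it.
    sig = parent.find("ds:Signature", NS)
    if sig is None:
        return [f"{label} is not signed"]
    out = []
    sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    if sm is None or sm.get("Algorithm") != RSA_SHA256:
        out.append(f"{label} signature algorithm is not RSA-SHA256")
    dm = sig.find("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if dm is None or dm.get("Algorithm") != SHA256:
        out.append(f"{label} digest algorithm is not SHA256")
    return out

def audit_saml_response(xml_text):
    """Return deviations from the Okta settings listed on this page (structure only)."""
    root = ET.fromstring(xml_text)
    findings = _sig_findings(root, "Response")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:  # absent or wrapped in EncryptedAssertion
        return findings + ["no plaintext Assertion (page sets Unencrypted)"]
    findings += _sig_findings(assertion, "Assertion")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL:
        findings.append("NameID format is not EmailAddress")
    ctx = assertion.find("a:AuthnStatement/a:AuthnContext/a:AuthnContextClassRef", NS)
    if ctx is None or (ctx.text or "").strip() != PPT:
        findings.append("AuthnContextClassRef is not PasswordProtectedTransport")
    return findings

def sample_response(sig_alg=RSA_SHA256, sign_assertion=True):
    """Constructed sample: structure only, signature values and IDs omitted."""
    sig = (f'<ds:Signature xmlns:ds="{NS["ds"]}"><ds:SignedInfo><ds:SignatureMethod '
           f'Algorithm="{sig_alg}"/><ds:Reference><ds:DigestMethod Algorithm="{SHA256}"/>'
           f'</ds:Reference></ds:SignedInfo></ds:Signature>')
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">{sig}<a:Assertion>'
            f'{sig if sign_assertion else ""}<a:Subject><a:NameID Format="{EMAIL}">'
            f'admin@example.com</a:NameID></a:Subject><a:AuthnStatement><a:AuthnContext>'
            f'<a:AuthnContextClassRef>{PPT}</a:AuthnContextClassRef></a:AuthnContext>'
            f'</a:AuthnStatement></a:Assertion></p:Response>')
```

An empty list from audit_saml_response means the captured response matches the listed Okta settings; each string in a non-empty list names one setting to recheck in the Okta app.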


StatusDashboard Settings - Service Provider

To configure the StatusDashboard Service Provider settings, log in to StatusDashboard and browse to Security > Single Sign-On > Options > SAML SSO (Admin|Dashboard). Configuration settings for both the Dashboard and Admin SAML setup are listed below.

| Configuration Setting | Dashboard | Admin | Notes |
| --- | --- | --- | --- |
| x509 Certificate | Select StatusDashboard or Comodo | Select StatusDashboard or Comodo | If your IdP implementation requires a trusted certificate, choose the Comodo-signed certificate (assuming your IdP trusts the Comodo CA certificate). If your IdP does not require a trusted certificate, choose the StatusDashboard self-signed certificate. The StatusDashboard self-signed certificate is the preferred option because it has a long expiration time and will not be refreshed, whereas the Comodo certificate could be refreshed periodically (requiring you to update your IdP configuration). |
| Sign AuthN Request | Enabled | Enabled | |
| Sign Logout Request | Enabled | Enabled | |
| Sign Logout Response | Enabled | Enabled | |
| Sign Metadata | Enabled | Enabled | This option can be set either way and is not dependent on the Okta configuration. |
| Signature Algorithm | rsa-sha1 | rsa-sha1 | Can be set to any signature algorithm. |
| Digest Algorithm | sha1 | sha1 | Can be set to any digest algorithm. |
| Encrypt Name ID | Disabled | Disabled | |
| Include Authentication Context | Enabled | Enabled | |


StatusDashboard Settings - Identity Provider

To configure the StatusDashboard Identity Provider settings, log in to StatusDashboard and browse to Security > Single Sign-On > Options > SAML SSO (Admin|Dashboard). Configuration settings for both the Dashboard and Admin SAML setup are listed below.

| Configuration Setting | Dashboard | Admin | Notes |
| --- | --- | --- | --- |
| Entity ID / Issuer | Insert the Okta Identity Provider Issuer. | Insert the Okta Identity Provider Issuer. | |
| Single Sign-On (SSO) Service URL | Insert the Okta Identity Provider Single Sign-On URL. | Insert the Okta Identity Provider Single Sign-On URL. | |
| Single Logout Service (SLO) URL | | | Not currently supported |
| IdP Logout URL | https://[Your Okta company name].okta.com/login/signout | https://[Your Okta company name].okta.com/login/signout | When not using SLO, this URL will end the user's Okta session when logging out of StatusDashboard. Insert your Okta company name in the brackets. |
| Logout Redirect URL | [Insert redirect URL] | [Insert redirect URL] | Enter a URL where you want your users to end up after logging out. |
| x509 Certificate | [x509 cert in PEM format] | [x509 cert in PEM format] | Enter the Okta x.509 Certificate. |
| Require Message Signature | Enabled | Enabled | |
| Require Assertion Signature | Enabled | Enabled | |
| Require NameID Encryption | Disabled | Disabled | |
