Okta is a third-party identity management service that enables institutions to securely and simply connect their users to a wide array of applications. To learn more about Okta, please visit https://www.okta.com/
To begin, we're going to create a new application in Okta that connects via SAML. From an Administration account, go to "Applications" and click the "Add Application" button.
Next, click the "Create New App" button, and choose the "SAML 2.0" option.
Step 2. Configure the application settings
After you've created the app, you'll need to fill out some information about how it should display to your Okta users.
Feel free to use the following logo that has been properly sized for the Okta application:
Step 3. Configure the application SSO settings
The bulk of the Okta integration happens here. You're going to need a few fields during this setup, which are defined as follows:
1. Single Sign On URL will be unique to your Digication system and can be provided or created by our support team if you're unable to find it. It is simply the Digication URL you use to sign in, like "https://YOUR-SCHOOL.digication.com", followed by "/sso/saml/callback.php".
2. Audience URI (SP Entity ID) will be the same kind of Digication URL, followed by "/sso/saml/metadata.php".
3. Attribute Statements is a list of fields that describe your Okta users, each mapped to a field that is sent to Digication upon a successful SSO request. The values in the left column are the names of the fields sent to Digication, and the values in the right column are the corresponding values generated by Okta. Your user accounts may contain slightly different data, but we'll need the following kinds of fields:
- A unique user identifier (custom user id, unique id, cwid, etc.)
- The user's email address
- The user's first name
- The user's last name
- The user's username
4. Group Attribute Statements: Digication requires a single group attribute to be configured in order to distinguish whether a user is a faculty member or a student. This will correspond to the faculty role or its equivalent at your institution.
Step 4. Save
Since this will remain an internal application, choose the first option and then click the "Finish" button.
Step 5. Send Digication the Okta Metadata URL
After finishing the application, you'll need to send us the newly-generated unique metadata from Okta.
To do so, go to the "Sign On" tab, and copy the link labeled "Identity Provider metadata". We do not need the content of this link, simply the URL. We will be able to configure the Digication side of SSO using this URL.
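Before sending the metadata URL, it helps to confirm that an assertion produced by the new app carries the values from Step 3. The following is an added example, not Digication or Okta code: it checks a decoded assertion's Recipient, Audience and attribute statements against the URLs derived above. The attribute names (`uid`, `email`, `firstName`, `lastName`, `username`, `role`) and the sample assertion are assumptions made for illustration, and the script checks configuration only, not the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; replace with the names agreed with Digication support.
REQUIRED_ATTRS = ["uid", "email", "firstName", "lastName", "username", "role"]
# Constructed sample assertion; the group attribute "role" is deliberately absent.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://YOUR-SCHOOL.digication.com/sso/saml/callback.php"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://YOUR-SCHOOL.digication.com/sso/saml/metadata.php</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="uid"><saml:AttributeValue>1001</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="username"><saml:AttributeValue>jdoe</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def expected_urls(base_url):
    """Derive the Single Sign On URL and Audience URI from the sign-in URL."""
    base = base_url.rstrip("/")
    return {"acs": base + "/sso/saml/callback.php",
            "audience": base + "/sso/saml/metadata.php"}


def check_assertion(xml_text, base_url):
    """Return a list of configuration problems found in a decoded assertion."""
    urls = expected_urls(base_url)
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if urls["audience"] not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    recipients = [c.get("Recipient")
                  for c in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if urls["acs"] not in recipients:
        problems.append(f"recipient mismatch: {recipients}")
    present = {a.get("Name"): [v.text for v in a.iterfind("saml:AttributeValue", NS)]
               for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED_ATTRS:
        # An attribute that is present but has no non-empty value is also a problem.
        if not any(present.get(name, [])):
            problems.append("missing or empty attribute: " + name)
    return problems
```

Calling `check_assertion(SAMPLE, "https://YOUR-SCHOOL.digication.com")` reports the missing group attribute; an empty list means the assertion matches the settings from Step 3.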