Configuring single sign-on (SSO) with Okta
This article explains how to configure the SAML SSO integration for Okta.
Prerequisites
- Administrative Account with permissions to setup SSO in Okta
- Primary or Super Role for Quickpass
- All of your users under your account in Quickpass will need an account in Okta with exactly the same email address. We don’t create user accounts under SSO.
Manual - https://support.getquickpass.com/hc/en-us/articles/360040722434-How-to-Setup-Quickpass-Dashboard-Logins
Bulk Import - https://support.getquickpass.com/hc/en-us/articles/4411037813783-How-to-Bulk-Import-Quickpass-Dashboard-Logins - Initial configuration steps as per https://support.getquickpass.com/hc/en-us/articles/4419178721559-Setting-up-Dashboard-Logins-for-SSO-SAML-
- Before turning this feature on, log in to your Quickpass account twice - once in a regular browser and once in an incognito/private window or another browser. This is to ensure that you are still logged in to your account if you get locked out in the other window.
- Ensure that you have Okta Password and Sign On Policies as well as Multifactor configuration setup for your team to use with Okta.
NOTE: Technicians Logging in to the Dashboard will be required to click on the "Log in with SSO" link in order to sign into the Dashboard with thier login credentials.
Instructions
- Log in to the Okta portal. In the left-hand menu, click Applications > Applications.
- Click Create App Integration
- Select the SAML 2.0 option on the Create a new app Integration screen.
- Give the new app a name (we suggest Quickpass SSO) click on Next
- On the Configure SAML page enter the following URLs in the fields provided:
- Single Sign On URL
-
NA or Oceania https://admin.getquickpass.com/api/auth/sso/login/callback EU https://eu-admin.getquickpass.com/api/auth/sso/login/callback
-
- Audience URI (SP Entity ID)
- Enter your Quickpass Entity ID value from the Quickpass Dashboard
- Enter your Quickpass Entity ID value from the Quickpass Dashboard
- Default RelayState
- Enter your Quickpass Entity ID value from the Quickpass Dashboard
- Application username: Okta username
- Click Next
- Single Sign On URL
- On the Feedback Page
- Select the "I am an Okta customer adding an internal app" radio button.
- Ensure the "This is an internal app that we have created" check box is selected.
- Click Finish
- The next page of the setup will load.
- Select View Setup Instructions
Old SSO Configuration Screen New SSO Configuration Screen
- Back on the Quickpass Dashboard SSO Configuration page
- Copy and Paste the value from the Okta Setup Instructions page to match this diagram
- To Calculate the Fingerprint Value - copy the certificate from this page, or download the certificate and edit it in a text editor. Copy the value from there (Ensure there are no leading or trailing spaces)
- Go to https://developers.onelogin.com/saml/online-tools/x509-certs/calculate-fingerprint.
- Paste in the certificate you downloaded or copied.
- Select sha256 in the Algorithm drop-down menu.
- Click the CALCULATE FINGERPRINT button. The fingerprint looks something like:
- Copy and Paste that value into the Quickpass SSO configuration "Fingerprint" box.
- Click Save on the Quickpass SSO Configuration page.
- Copy and Paste the value from the Okta Setup Instructions page to match this diagram
- Back on the Okta Configuration page
- Click on the Assignments page
- Assign directly to the "People" or to an Okta Group that contains the Quickpass Accounts that you have already created on the Login Management page: https://support.getquickpass.com/hc/en-us/articles/360040722434-How-to-Setup-Quickpass-Dashboard-Logins
- Click on the Assignments page
- Back on the Quickpass Dashboard SSO Configuration page
- Test a login to the Quickpass Dashboard by opening a NEW browser (different than what you are using now) or use a new Incognito/InPrivate/Private Session, and selecting Login with SSO. Follow the prompts to sign in using the Okta SSO Multi Factor you have set up.
Comments
0 comments
Please sign in to leave a comment.