This guide explains how to set up SSO between Oitchau and OKTA.
Make sure that your domain is verified by Oitchau Support (see )
Open your company OKTA Admin Dashboard and go to the Applications page.
At the top of the Applications page, press the Applications button.
You should get a pop-up asking you to select the sign-in method. Select SAML 2.0 and hit Next.
You should get a page like this, where you need to specify the App configuration. In the first field, enter the App name: Oitchau. In the second field, press the Upload button to upload the Oitchau logo.
In the pop-up that appears, press Browse files… and select the Oitchau logo. You can take one from here. Once the upload is over, click
Now the configuration screen should look like this. Press Next.
Now go back to the Oitchau configuration page. You will need to create a configuration to get the URLs for the next OKTA setup page. For that, we will need to fill in 3 fields. For now, we will use some stub data:
Single Sign-On Url: https://oitchau.com
Email mapping: email
Hit Save. Now you should get the configuration variables list, like this:
For the OKTA setup we will need all three, in the following order:
- Oitchau Assert Endpoint: copy and paste it into Single sign on URL on the OKTA settings page
- Oitchau Audience: copy and paste it into Audience URI on the OKTA settings page
- Oitchau Certificate: copy and paste it into an empty text file named oitchau-okta.pem
Also, please make sure that the checkbox is on.
Scroll the page down and click Show Advanced Settings:
The settings list will expand. Find the line named Assertion Encryption. It should be set to Encrypted, so that the SAML assertions OKTA sends to Oitchau are encrypted and not only signed. You will also need to upload the Oitchau certificate, which OKTA uses to encrypt them.
Now take the oitchau-okta.pem file saved earlier and convert it to DER format. To do that, run the following command:
openssl x509 -in ./oitchau-okta.pem -out ./oitchau-okta.der -outform DER
Upload it to OKTA and you'll get something like this:
Now you can scroll down and move on to the next important step. In the attribute values list, find the entry named user.email and map it to email (the value entered in Email mapping on the Oitchau side).
Now you are ready to hit Next at the bottom of the page.
On the next screen, select I'm an Okta customer adding an internal app.
If you don't want to fill in the information about Oitchau, you can also select This is an internal app that we have created.
Once done, hit Finish.
You have successfully configured the integration on the OKTA side. Now you need to do the same on the Oitchau side. On the next page (the Oitchau App configuration page, Sign On tab), find the link Identity Provider Metadata and copy its URL.
Go to the Oitchau Admin and paste the URL into Issue URL (1). After that, clear the Single Sign On URL and Certificate fields (2). The whole configuration should look like the screen below. Hit Save.
You have successfully finished the configuration on the Oitchau side. Now you need to assign some users to Oitchau in the OKTA admin so that they can log in.
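Before uploading the .der file and before pasting the metadata URL, it is worth checking both artifacts offline. The script below is an added example, not part of the Oitchau guide or of Okta's tooling: it performs the same PEM-to-DER conversion as the openssl command above (with a fingerprint to compare against what OKTA displays) and extracts the IdP values from an Identity Provider Metadata document; the certificate bytes, app id and Okta domain are constructed placeholders.

```python
# Added example (not from the Oitchau guide or Okta); certificate bytes, app id and Okta domain are constructed placeholders.
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
FAKE_CERT_B64 = base64.b64encode(bytes.fromhex("3003020105")).decode()  # constructed, not a real cert
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{FAKE_CERT_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/EXAMPLE-APP-ID">
  <md:IDPSSODescriptor><md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}">
    <ds:X509Data><ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
  </md:KeyDescriptor><md:SingleSignOnService Binding="{HTTP_POST}"
    Location="https://example.okta.com/app/EXAMPLE-APP-ID/sso/saml"/></md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def pem_to_der(pem_text: str) -> bytes:
    """Same output as `openssl x509 -outform DER`: strip the armour and base64-decode the body."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no CERTIFICATE block in PEM input")
    der = base64.b64decode("".join(m.group(1).split()), validate=True)
    if der[:1] != b"\x30":  # every DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded bytes are not DER")
    return der

def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint, to compare the .der you upload with what OKTA displays."""
    hexd = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexd[i:i + 2] for i in range(0, 64, 2))

def parse_idp_metadata(xml_text: str) -> dict:
    """Pull the IdP values behind Okta's 'Identity Provider Metadata' link and flag gaps."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    post = [s.get("Location") for s in root.findall("md:IDPSSODescriptor/md:SingleSignOnService", NS)
            if s.get("Binding") == HTTP_POST]
    certs = [c.text.strip() for c in root.findall("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']"
                                                   "/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    issues = []
    if not post or not post[0].startswith("https://"):
        issues.append("no HTTPS SingleSignOnService with HTTP-POST binding")
    if not certs:
        issues.append("no signing certificate: Oitchau could not verify assertions")
    return {"entity_id": root.get("entityID"), "sso_url": post[0] if post else None,
            "signing_cert_fingerprints": [sha256_fingerprint(base64.b64decode(c)) for c in certs],
            "issues": issues}
```

Run `parse_idp_metadata` on the XML served at the copied metadata URL; an empty `issues` list means the document carries an HTTPS POST endpoint and a signing certificate, which is what the Oitchau side needs to verify assertions.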
Open the Oitchau App configuration page, Assignments tab. Assign some employees or groups using the button.
Make sure that your own account is assigned as well, so you can test the integration. The easiest option is to assign everyone: hit Assign > Assign to Groups.
In the pop-up, search for everyone and hit Assign. After that, click Done.
You have completed the setup and are now ready to test the integration.