Set up SAML SSO with Okta

​

Prerequisites

You need your project’s SAML Assertion Consumer Service (ACS) URL and the Service Provider (SP) Entity ID.

​

Service Provider Entity ID

The SP Entity ID for your Hanko project is equal to the API URL of your project. To find the API URL for your project:

1. Log in to Hanko Cloud and select your project.
2. Navigate to Dashboard.
3. Copy and save the API URL.

​

Service Provider ACS URL

To find the Assertion Consumer Service (ACS) URL for your project:

1. Log in to Hanko Cloud and select your project.
2. Navigate to Settings > Enterprise connections.
3. Under Enterprise connections find the Redirect URL panel.
4. Copy and save the URL.

​

Create an Okta application

1. Create an account at Okta. Once registered, access the Okta Administration console at https://<your_organization>-admin.okta.com.
2. Select Applications > Applications in the left sidebar.
3. Click Create App Integration.

4. In the shown modal select SAML as the sign-in method.
5. Click Next.

6. In the Create SAML Integration wizard, provide an App name.
7. Click Next.

8. Under Single sign-on URL enter your ACS URL (see Prerequisites - Service Provider ACS URL).
9. Under Audience URI (SP Entity ID) enter you project API URL (see Prerequisites - Service Provider Entity ID).

10. Scroll down and find the Attribute statements panel. Under Name enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress.
11. Under Name format select URI Reference
12. Under Value select user.email.
13. Click Next.

14. Provide feedback on the next screen of the configuration wizard and click Finish.
15. Select Sign On in the top tab navigation.
16. In the Settings > Sign-on methods > SAML 2.0 panel find the Metadata URL in the Metadata details and copy it. You need this for configuring the enterprise connection with Hanko.

​

Assign users to your application

To enable users to log in, you need to assign users to the application. To assign users:

1. Select Applications > Applications in the left sidebar.
2. Click Assign Users to Apps.

3. Select the app you want to assign users to.
4. Select users you want to assign to the app.
5. Click Next.

6. Review your assignments and click Confirm assignments.

​

Configure an enterprise connection

1. Log in to Hanko Cloud and select your project.
2. Navigate to Settings > Enterprise connections.
3. Under Connections, click New connection.

4. In the shown modal provide the following data:
   • A Name for the connection.
   • A Domain for the connection. When users authenticate via SAML SSO, the domain of the email address provided as an identifier at the start of an authentication flow must match the domain configured here.
   • A Metadata URL. This is the URL you copied in step 16 in Create an Okta application.
   • Select whether you want skip email verification for this provider.
5. Click Save to create the connection.

​

Testing your integration

To test your integration via IdP-initiated flow:

1. On the top right click the user dropdown.
2. Click My settings.

3. In your end-user profile select My Apps in the left sidebar.
4. Find your app and click its icon.