How to Configure SAML SSO: Signing into SanerNow via Okta

 

        4. Click on Download SSO metadata file

        5. Open the downloaded metadata file from your browser or a text editor.

6. Copy and save the Entity ID and ACS URL from the metadata file you downloaded.

7. Sign in to your organization’s Okta Admin Console.

8. Click Applications in the left menu, then click on Applications.

9. Click Create App Integration, select SAML 2.0, and click Next.

10. Under General settings, enter the application name (eg: SanerNow App) for the app in the App Name field, then click Next.

11. Enter the ACS URL in the Single sign-on URL field and the Entity ID in the Audience URI (SP Entity ID) field.

12. Select  Email Address in the name ID format field. 

13. Under Attribute statements, add an attribute with an Email in the Name field and user. Email in the value field. Then click Next. 

14. Select the option I'm an Okta customer adding an internal app, and then click Finish.

15. On the next page, go to the Sign On tab.

16. Scroll down and click View SAML setup instructions. A new page with IdP information will open. 

17. Copy the Identity Provider Single Sign-On URL  and identity provider issuer and download or copy the X.509 Certificate.

18. Return to the SSO authentication page in SanerNow.

19. Configure SSO in SanerNow using the downloaded certificate and copied URLs from Okta by following the steps given below:

 · Under SSO Authentication, click on new SSO policy. 

1.  Enter Issuer ID, SSO URL and Certificate from Okta.

2. Specify the required name and description for the SSO policy.

3. Enable signed authentication if you have configured it in Okta

4. Click on Create

Steps to Assign users to the app in Okta

Your users in Okta can use this newly configured SanerNow app to sign in to SanerNow. Before that, ensure that you assign your users to this app. Follow the instructions in the following Okta article to assign your users to the app.

https://help.okta.com/en/prod/Content/Topics/Provisioning/lcm/lcm-assign-app-user.htm

Assign SSO policy to SanerNow Users

Note: Before assigning the users, ensure that the User login ID in SanerNow matches with Okta Username

1. Go to Control Panel. Click on Users. 

1.  Select the users to whom Okta policy should be applied

2. Under Actions, select “Enforce SSO authentication” button

3. Select the Okta policy from the drop-down

4.Click on Confirm 

How to apply SSO Policy to the New SanerNow user

Step 1: Log in to Saner CVEM and then click Control Panel at the top-right to access the Control Panel page.

Step 2: All Organizations are selected from the drop-down by default on the control panel page. If the admin has created only one organization, the page will automatically select that organization and show its accounts.

Step 3: Click the Users section in the Control Panel.

Step 4: Click New User on the top right corner of the Users page.

Step 5: Specify the Login Id, Name, Organization, and Password.

Step 6: Select the role of the user from the drop-down menu. 

Step 7: Select the managing organizations from the drop-down menu

Step 8: To assign SSO Policy to the user, select the created SSO policy from the drop-down.

Step 9: Click the Create button to apply SSO policy to the new user

Test the SAML configuration

Test if the configuration is working properly using the following steps

Via SP-initiated flow:

1. Go to SanerNow sign-in page.

2. Enter your email address and click Next. You will be redirected to Okta for authentication.

3. If you have not already signed in to Okta, enter your Okta credentials to sign in. You will be automatically redirected back to SanerNow and will be signed in.

Via IdP-initiated flow:

1. Sign in to Okta end-user dashboard.

2. Click on the SAML app (Saner app) you have configured for SanerNow. You will be redirected to Saner CVEM  and will be signed in.