Skip to main content
Okta is a popular identity provider that supports SAML. Configure single-sign-on (SSO) to Minimus via Okta. The process is standard for configuring a custom SAML app.

Prepare the SSO form in Minimus

  1. Open the Minimus SSO form. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
    Keep this form open and available in another browser tab as you configure the SAML app in Okta.
  2. The form has 3 parts:
    1. Configure Minimus as a custom app in your identity provider - You will need to copy these parameters from Minimus to Okta in the next steps.
      1. SP Entity ID
      2. Reply URL (Callback / ACS URL)
      3. Relay State (optional) - If you leave the Relay State blank, users will only be able to login with SSO from the Minimus homepage.
    2. Connect Minimus to your identity provider - You will need to fetch these parameters from your Okta custom app and save them in the Minimus form.
      1. Login SSO URL
      2. IdP Entity ID
      3. Certificate
    3. SAML Attribute Mapping - You will configure matching attributes in both Okta and Minimus.

Add Minimus as a custom app in Okta

1

Create a Minimus application in Okta

  1. Login to your Okta Admin Console.
  2. Create a new SAML application:
    1. In the left-menu, go to Applications > Applications.
    2. Select the option Create App Integration.
    3. Select SAML 2.0 as the sign-in method.
2

Configure the general settings

  1. Fill out the General Settings:
    1. Name the application. (We’ll assume the name Minimus App was used for the rest of this guide.)
    2. Upload the Minimus logo to help your team identify the app in their app gallery. (This is not required but highly recommended.)
    3. Click Next.
3

Configure app parameters in Okta

Okta Configure Saml App
  1. Open the Minimus SSO form in another browser tab. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
  2. Copy the following parameters from the Minimus app to Okta. Note that the order of the parameters is different in the apps. The fields are shown according to their order in the Okta form:
    Okta ParameterMinimus Parameter
    Single sign-on URLReply URL (Callback / ACS URL)
    Audience URI (SP Entity ID)SP Entity ID
    Default RelayStateRelay State
  3. Fill out the rest of the fields in the Okta form:
    1. Name ID Format - Select EmailAddress from the dropdown list.
    2. Application Username - Select Email from the dropdown list.
    3. Update application username on - Leave the default. (It should be Create and update).
Only change the two settings explicitly mentioned above (Name ID Format and Application Username). Leave all other Okta configuration settings at their default values. Modifying advanced settings such as Assertion Signature, Response signing, or encryption settings will cause the SSO integration to fail.
4

Configure attribute statements in Okta

Still in the same Okta tab, scroll down to the section Attribute Statements (Optional).
  1. Select add expression
  2. Add the following 3 expressions:
    NameExpression
    emailuser.profile.email
    Full Nameuser.profile.firstName + user.profile.lastName
    groupsuser.getGroups(YOUR,GROUP,NAMES)
  3. Once done, the Okta attribute statements should look like this: Okta Attribute Statements
If you do not plan to use Okta groups for role-based access control, you can skip the groups expression. However, group roles are recommended for simplifying access control.
5

Save your custom SAML app

  1. Click Next to continue.
  2. Okta will ask for your feedback now that you have configured the custom SAML app.
  3. Click Finish.
6

Connect the Okta SAML app to Minimus

  1. In Okta, under your newly created Minimus app:
    1. Switch tabs to Sign On. (You should be automatically navigated to this tab.)
    2. Expand More details.
  2. Copy the following parameters from Okta to Minimus. Note that the order of the parameters is different in the apps. The fields are shown according to their order in the Okta form:
    Okta ParameterMinimus Parameter
    Sign on URLLogin URL
    IssuerIdP Entity ID
    Okta Sign On Details Pn
7

Download Base64 Certificate

  1. Still on the same screen, download the signing certificate from Okta to Minimus.
  2. Open the certificate in notepad or another code viewer, and copy the code (including `-----BEGIN CERTIFICATE… and …END CERTIFICATE-----`).
  3. Copy the certificate to the Minimus form.
If you copy the certificate, note that it will not include the opening and closing tags:

-----BEGIN CERTIFICATE----------END CERTIFICATE-----

You can paste the certificate between the tags provided by the placeholder.
8

Fill out SAML Attribute Mapping in Minimus

Back in the Minimus SAML form, fill out the following under Step 3: SAML Attribute Mapping:
Minimus ParameterInput to type inNotes
Emailemail
Full namefullName
Group MappinggroupsOptional. Only relevant if you intend to use group roles.
9

Save the Minimus SSO form

You are now ready to save the SSO configuration form in Minimus.

Assign access in Okta

Grant Okta groups and/or users access to Minimus.
  1. Login to your Okta Admin Console.
  2. In the left-menu, go to Applications > Applications.
  3. Select your Minimus App to open its details.
  4. Select the Assignments tab.
  5. Select Assign > Assign to people / groups and follow the instructions on the page.
Okta Assign Users

Troubleshooting SSO access

When copying the certificate to Minimus, make sure there is no whitespace before or after the certificate. Also, check that the expected prefix and suffix are included. 
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----