Okta SSO
Configure single-sign-on (SSO) to Minimus via Okta
Okta is a popular identity provider that supports SAML. Configure single-sign-on (SSO) to Minimus via Okta. The process is standard for configuring a custom SAML app.
Prepare the SSO form in Minimus
-
Open the Minimus SSO form. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
Keep this form open and available in another browser tab as you configure the SAML app in Okta.
-
The form has 3 parts:
-
Configure Minimus as a custom app in your identity provider - You will need to copy these parameters from Minimus to Okta in the next steps.
- SP Entity ID
- Reply URL (Callback / ACS URL)
- Relay State (optional) - If you leave the Relay State blank, users will only be able to login with SSO from the Minimus homepage.
-
Connect Minimus to your identity provider - You will need to fetch these parameters from your Okta custom app and save them in the Minimus form.
- Login SSO URL
- IdP Entity ID
- Certificate
-
SAML Attribute Mapping - You will configure matching attributes in both Okta and Minimus. Fill in the following:
Minimus Parameter Input Email email Full name fullName
-
Add Minimus as a custom app in Okta
Create a Minimus application in Okta
- Login to your Okta Admin Console.
- Create a new SAML application:
- In the left-menu, go to Applications > Applications.
- Select the option Create App Integration.
- Select SAML 2.0 as the sign-in method.
Configure the general settings
- Fill in the General Settings:
- Name the application. (We’ll assume the name Minimus App was used for the rest of this guide.)
- Upload the Minimus logo to help your team identify the app in their app gallery. (This is not required but highly recommended.)
- Click Next.
Configure SAML
-
Open the Minimus SSO form in another browser tab. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
-
Copy the following parameters from the Minimus app to Okta (Note that the order of the parameters is different in the 2 apps):
Minimus Parameter Okta Parameter SP Entity ID Audience URI (SP Entity ID) Reply URL (also Callback URL) Single sign-on URL Relay State Default RelayState -
Fill in the fields below:
-
Name ID Format - Select EmailAddress from the list.
-
Application Username - Select Email from the list.
Okta Parameter Input Name ID Format EmailAddress Application Username Email
-
Configure attribute statements in Okta
Still in the same Okta tab, scroll down to the section Attribute Statements. Fill out the table in Okta as follows:
| Name | Name Format | Value |
|---|---|---|
| fullName | Unspecified | user.firstName + ” ” + user.lastName |
| Unspecified | user.email |
You can copy the value for the fullName field here:
Save your custom SAML app
- Click Next to continue.
- Okta will ask for your feedback now that you have configured the custom SAML app.
Connect the Okta SAML app to Minimus
-
In Okta, under your newly created Minimus app:
- Switch tabs to Sign On. (You should be automatically navigated to this tab.)
- Expand More details.
-
Copy the following parameters from Okta to Minimus:
Okta Parameter Minimus Parameter Sign on URL SSO URL Issuer Entity ID
Download Base64 Certificate
- Still on the same screen, download the signing certificate from Okta to Minimus.
- Open the certificate in notepad or another code viewer, and copy the code (including `-----BEGIN CERTIFICATE… and …END CERTIFICATE-----`).
- Copy the certificate to the Minimus form.
If you copy the certificate, note that it will not include the opening and closing tags:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
You can paste the certificate between the tags provided by the placeholder.
Save the Minimus SSO form
You are now ready to save the SSO configuration form in Minimus.
Assign access in Okta
Grant Okta groups and/or users access to Minimus.
- Login to your Okta Admin Console.
- In the left-menu, go to Applications > Applications.
- Select your Minimus App to open its details.
- Select the **Assignments **tab.
- Select Assign > Assign to people / groups and follow the instructions on the page.
Troubleshooting SSO access
When copying the certificate to Minimus, make sure there is no whitespace before or after the certificate. Also, check that the expected prefix and suffix are included.