Okta is a popular identity provider that supports SAML. Configure single-sign-on (SSO) to Minimus via Okta. The process is standard for configuring a custom SAML app.

Prepare the SSO form in Minimus

  1. Open the Minimus SSO form. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
    Keep this form open and available in another browser tab as you configure the SAML app in Okta.
  2. The form has 3 parts:
    1. Configure Minimus as a custom app in your identity provider - You will need to copy these parameters from Minimus to Okta in the next steps.
      1. SP Entity ID
      2. Reply URL (Callback / ACS URL)
      3. Relay State (optional) - If you leave the Relay State blank, users will only be able to login with SSO from the Minimus homepage.
    2. Connect Minimus to your identity provider - You will need to fetch these parameters from your Okta custom app and save them in the Minimus form.
      1. Login SSO URL
      2. IdP Entity ID
      3. Certificate
    3. SAML Attribute Mapping - You will configure matching attributes in both Okta and Minimus. Fill in the following:
      Minimus ParameterInput
      Emailemail
      Full namefullName

Add Minimus as a custom app in Okta

1

Create a Minimus application in Okta

  1. Login to your Okta Admin Console.
  2. Create a new SAML application:
    1. In the left-menu, go to Applications > Applications.
    2. Select the option Create App Integration.
    3. Select SAML 2.0 as the sign-in method.
2

Configure the general settings

  1. Fill in the General Settings:
    1. Name the application. (We’ll assume the name Minimus App was used for the rest of this guide.)
    2. Upload the Minimus logo to help your team identify the app in their app gallery. (This is not required but highly recommended.)  
    3. Click Next.
3

Configure SAML

  1. Open the Minimus SSO form in another browser tab. You can use this direct link or navigate as follows: Go to Manage > Users. Then click Configure SSO.
  2. Copy the following parameters from the Minimus app to Okta (Note that the order of the parameters is different in the 2 apps):  
    Minimus ParameterOkta Parameter
    SP Entity IDAudience URI (SP Entity ID)
    Reply URL (also Callback URL)Single sign-on URL
    Relay StateDefault RelayState
  3. Fill in the fields below:
    1. Name ID Format - Select EmailAddress from the list.
    2. Application Username - Select Email from the list.
      Okta ParameterInput
      Name ID FormatEmailAddress
      Application UsernameEmail
Okta Configure Saml App
4

Configure attribute statements in Okta

Still in the same Okta tab, scroll down to the section Attribute Statements. Fill out the table in Okta as follows:
NameName FormatValue
fullNameUnspecifieduser.firstName + ” ” + user.lastName
emailUnspecifieduser.email
You can copy the value for the fullName field here:
user.firstName \+ " " \+ user.lastName
Okta Attribute Statements
5

Save your custom SAML app

  1. Click Next to continue. 
  2. Okta will ask for your feedback now that you have configured the custom SAML app.
6

Connect the Okta SAML app to Minimus

  1. In Okta, under your newly created Minimus app:
    1. Switch tabs to Sign On. (You should be automatically navigated to this tab.)
    2. Expand More details.
  2. Copy the following parameters from Okta to Minimus:
    Okta ParameterMinimus Parameter
    Sign on URLSSO URL
    IssuerEntity ID
    Okta Sign On Details Pn
7

Download Base64 Certificate

  1. Still on the same screen, download the signing certificate from Okta to Minimus.
  2. Open the certificate in notepad or another code viewer, and copy the code (including `-----BEGIN CERTIFICATE… and …END CERTIFICATE-----`).
  3. Copy the certificate to the Minimus form.
If you copy the certificate, note that it will not include the opening and closing tags:

-----BEGIN CERTIFICATE----------END CERTIFICATE-----

You can paste the certificate between the tags provided by the placeholder.
8

Save the Minimus SSO form

You are now ready to save the SSO configuration form in Minimus.

Assign access in Okta

Grant Okta groups and/or users access to Minimus.
  1. Login to your Okta Admin Console.
  2. In the left-menu, go to Applications > Applications.
  3. Select your Minimus App to open its details.
  4. Select the **Assignments **tab.
  5. Select Assign > Assign to people / groups and follow the instructions on the page.
Okta Assign Users

Troubleshooting SSO access

When copying the certificate to Minimus, make sure there is no whitespace before or after the certificate. Also, check that the expected prefix and suffix are included. 
-----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----