Prerequisites (Optional):
Client browsers must be configured for IWA
Okta Active Directory Agent is configured and working
At least one Active Directory server is configured for Okta IWA
A8 Admin Console
Enable Portal, define a company identifier (e.g. mitchmurray)
Enable SAML
Download the SP Encryption Certificate SP_cert.crt to your computer.
Do not hit Save; leave page open.
Okta - Allow IFrame Embedding (Optional)
Log in to your Okta Portal as an Admin
Click Settings > Customization > General
Enable IFrame Embedding > Save
Note: IFrame Embedding may need to be enabled if you encounter an X-frame error with Okta.
Okta - Add a New Application
In Okta, click Admin > Applications > Add Application
Click Create New App > Create
Name your app (e.g. a8 Silo), click Next
Copy the SP Post Back URL (not Silo Access Portal URL) from A8 Admin Console and paste it into the Okta Single Sign on URL box
Copy the SP Entity ID from A8 Admin Console and paste it into the Okta Audience URI box
In the DefaultRelayState entry box, enter: 2 (Installed Client) or 4 (Web Client)
Set the name ID and Application username format. EmailAddress is recommended.
Click Advanced Settings
Set Authentication context class to Password Protected Transport
Change Assertion Encryption to Encrypted.
Upload the SP_cert.crt Encryption Certificate you downloaded from the A8 Admin Console, then click Upload Certificate
Click Next
Choose "I'm an Okta customer adding an internal app"
Click Finish
Click View Setup Instructions
Copy the Identity Provider Single Sign-on URL from Okta to A8 Admin Console IdP Login URL:
Copy the Identity Provider Issuer URL from Okta to A8 Admin Console IdP Issuer:
Download the X.509 Certificate from Okta and upload it to A8 Admin Console
- IdP Issuer: http://www.okta.com/<Okta Application ID>
- IdP Login URL: https://<your Okta org ID>.okta.com/app/<application name>/<Okta Application ID>/sso/saml
- IdP Signing Certificate: X.509 Certificate from Okta.
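The three IdP values listed above can be sanity-checked before they are saved in the A8 Admin Console. The following is an added example, not part of the original guide or of any Okta or A8 tooling; the function name, the sample values and the assumption that the application ID is alphanumeric are all hypothetical. It checks that the Issuer and Login URL follow the formats shown above, that both carry the same application ID, and it computes a SHA-256 fingerprint of the certificate file for comparison with the copy downloaded from Okta.

```python
import base64
import hashlib
import re
import ssl
from urllib.parse import urlsplit

# Formats taken from the IdP Issuer and IdP Login URL lines above.
ISSUER_RE = re.compile(r"^http://www\.okta\.com/(?P<app_id>[A-Za-z0-9]+)$")
LOGIN_PATH_RE = re.compile(r"^/app/[^/]+/(?P<app_id>[A-Za-z0-9]+)/sso/saml$")

def check_idp_values(issuer, login_url, cert_pem):
    """Return (problems, sha256_fingerprint) for the three IdP values."""
    problems = []
    issuer_m = ISSUER_RE.match(issuer.strip())
    if not issuer_m:
        problems.append("IdP Issuer is not http://www.okta.com/<Okta Application ID>")
    url = urlsplit(login_url.strip())
    if url.scheme != "https":
        problems.append("IdP Login URL must use https")
    # hostname ignores any userinfo part, so "org.okta.com@other.host" fails here.
    if not (url.hostname or "").endswith(".okta.com"):
        problems.append("IdP Login URL host is not <org>.okta.com")
    path_m = LOGIN_PATH_RE.match(url.path)
    if not path_m:
        problems.append("IdP Login URL path is not /app/<name>/<app ID>/sso/saml")
    if issuer_m and path_m and issuer_m["app_id"] != path_m["app_id"]:
        problems.append("Application ID differs between Issuer and Login URL")
    fingerprint = None
    try:
        # Only decodes the PEM armor; it does not validate the X.509 structure.
        der = ssl.PEM_cert_to_DER_cert(cert_pem.strip())
        fingerprint = hashlib.sha256(der).hexdigest()
    except ValueError:
        problems.append("IdP Signing Certificate is not PEM encoded")
    return problems, fingerprint

# Constructed sample values (placeholders, not a real org, app ID or certificate).
SAMPLE_ISSUER = "http://www.okta.com/exk0constructed01"
SAMPLE_LOGIN_URL = ("https://example-org.okta.com/app/"
                    "exampleorg_a8silo_1/exk0constructed01/sso/saml")
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate"
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.encodebytes(SAMPLE_DER).decode("ascii")
                   + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    problems, fingerprint = check_idp_values(
        SAMPLE_ISSUER, SAMPLE_LOGIN_URL, SAMPLE_CERT_PEM)
    print("problems:", problems or "none")
    print("certificate SHA-256:", fingerprint)
```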
Please contact Support if you have any additional questions and/or require further information.