Prerequisites (Optional):

  • Client browsers must be configured for IWA

  • Okta Active Directory Agent is configured and working

  • At least one Active Directory server is configured for Okta IWA

A8 Admin Console

  1. Enable Portal, define a company identifier (e.g. mitchmurray)

  2. Enable SAML

  3. Download the SP Encryption Certificate SP_cert.crt to your computer.

  4. Do not hit Save; leave page open.

Okta - Allow IFrame Embedding (Optional)

  1. Login to your Okta Portal as an Admin

  2. Click Settings > Customization > General

  3. Enable IFrame Embedding > Save

Note: IFrame Embedding may need to be enabled if you encounter an X-frame error with Okta.

Okta - Add a New Application

  1. In Okta, click Admin > Applications > Add Application

  2. Click Create New App > Create

  3. Name your app (e.g. a8 Silo), click Next

  4. Copy the SP Post Back URL (not Silo Access Portal URL) from A8 Admin Console and paste it into the Okta Single Sign on URL box

  5. Copy the SP Entity ID from A8 Admin Console and paste it into the Okta Audience URI box

  6. In DefaultRelayState entry box, enter: 2 (Installed Client) or 4 (Web Client)

  7. Set the name ID and Application username format. EmailAddress is recommended.

  8. Click Advanced Settings

  9. Set Authentication context class to Password Protected Transport

  10. Change Assertion Encryption to Encrypted. 

  11. Upload the SP_cert.crt Encryption Certificate you downloaded from your AC, click Upload Certificate

  12. Click Next

  13. Choose "I'm an Okta customer adding an internal app"

  14. Click Finish

  15. Click View Setup Instructions

  16. Copy the Identity Provider Single Sign-on URL from Okta to A8 Admin Console IdP Login URL:

  17. Copy the Identity Provider Issuer URL from Okta to A8 Admin Console IdP Issuer:

  18. Download the X.509 Certificate from Okta and upload it to A8 Admin Console

A8 Admin Console - review of steps 16-18 above.
  1. IdP Issuer:<Okta Application ID>
  2. IdP Login URL: https://<your Okta org ID><application name>/<Okta Application ID>/sso/saml
  3. IdP Signing Certificate: X.509 Certificate from Okta.

Note: Authentic8 makes no warranty on third-party software. We assume no responsibility for errors or omissions in the third-party software or documentation available. Using such software is done entirely at your own discretion and risk.

Please contact Support if you have any additional questions and/or require further information.