Okta Integration (SAML)
Okta Integration with SAML (Security Assertion Markup Language) allows organisations to securely manage user identities and authentication across various applications. TrustWorks' SAML integration simplifies user access, enhances security, and ensures compliance with privacy regulations.
Benefits of Okta Integration with SAML
Enhanced Security:
SAML enables secure Single Sign-On (SSO), reducing the need for multiple credentials and minimising password-related vulnerabilities and unauthorised access risks.
Streamlined User Management:
User provisioning and deprovisioning are automated. Changes to roles or permissions are reflected across all connected applications, ensuring consistent access control.
Centralised Identity Management:
Okta acts as the Identity Provider (IdP), centralising user authentication and administration, simplifying management, and ensuring consistent security policies.
Seamless Application Integration:
TrustWorks' SAML integration supports a wide range of applications, including cloud services and on-premises solutions, creating a unified environment for your organisation.
How Okta Integration with SAML Works
- Configure Okta as Identity Provider (IdP):
In Okta, you set up your organisation as an Identity Provider, responsible for authenticating users and providing security tokens upon successful authentication.
- Setup Service Provider (SP) in TrustWorks:
TrustWorks acts as the Service Provider, relying on the Identity Provider (Okta) for user authentication. You configure TrustWorks to trust Okta as the source of user identity and access control.
- User Authentication Flow:
When users attempt to access TrustWorks, they are redirected to Okta's login page. After successful authentication, Okta generates a SAML token containing user information and sends it back to TrustWorks.
- Just-in-Time (JIT) Provisioning:
New users are automatically created in TrustWorks upon their first login via Okta, eliminating manual onboarding.
- Single Sign-On Experience:
With SAML SSO, users can seamlessly access TrustWorks and other integrated applications without needing to re-enter their credentials for each service.
How to set up the TrustWorks integration in Okta
- Add the TrustWorks Application in Okta:
- Go to Applications > Browse App Catalog in the Okta interface.
- Search for "TrustWorks" and click Add Integration.
- Retrieve Integration Details:
- Open the integration and navigate to the Sign On tab.
- Click More details.
- Copy and save the following information:
- Sign-On URL
- Signing Certificate
- Issuer
These values will be needed for the integration with TrustWorks.
- Assign Users:
- Under Assignments, specify the people or groups who will access TrustWorks.
- If "Allow Okta Only Access" is enabled in TrustWorks, ensure all intended users are assigned.
How to Set Up Okta Integration in TrustWorks
- Access Integration Settings in TrustWorks:
- Navigate to Settings > Integrations.
- Create a new integration and select "Okta" as the type.
- Add Integration Details:
- Integration Name: Provide a descriptive name.
- Authentication Method: Choose "SAML."
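- Default Roles: Specify roles (e.g., Admin, Member, Contributor) assigned to new users. If left empty, new users default to Admin. Because Just-in-Time provisioning creates accounts automatically on first login, set a least-privileged default role here rather than leaving the field empty.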
- Enable Optional Access Restrictions:
- To allow access exclusively through Okta, enable the "Allow Only Okta Access" option. Note that all other login methods will be disabled.
- Configure Okta as the Identity Provider:
Fill in the details copied from Okta:
- Single Sign-On URL (Sign-On URL): The URL where Okta will send the SAML response after successful user authentication.
- X.509 Certificate (Signing Certificate): The certificate used to verify the SAML response signature.
- IdP URL (Issuer): The URL of the Okta Identity Provider.
- Test the Integration:
- Press Test Connection to ensure proper configuration.
- If successful, save the integration.
- Final Test:
- Sign in to TrustWorks via Okta to confirm the integration works as expected.
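The Signing Certificate copied from Okta can be checked locally before it is pasted into the X.509 Certificate field, which catches a truncated copy or a certificate close to expiry. The script below is an added example, not part of TrustWorks or Okta tooling. It assumes OpenSSL is installed; the function names and the 30-day threshold are assumptions, and the sample certificate is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: sanity-check a SAML signing certificate saved as a PEM file.

# Print subject, expiry date and SHA-256 fingerprint of the certificate.
# Returns 2 if the file is not a parseable X.509 certificate (for example a
# truncated paste), 1 if it expires within min_days, 0 otherwise.
check_idp_cert() {
    cert_file=$1
    min_days=${2:-30}   # assumed threshold; align with your rotation policy

    if ! openssl x509 -in "$cert_file" -noout >/dev/null 2>&1; then
        echo "FAIL: $cert_file is not a valid PEM X.509 certificate" >&2
        return 2
    fi

    # Keep this output with the change record so the configured certificate
    # can be identified later.
    openssl x509 -in "$cert_file" -noout -subject -enddate -fingerprint -sha256

    if ! openssl x509 -in "$cert_file" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days" >&2
        return 1
    fi
    echo "OK: certificate parses and is valid for more than $min_days days"
}

# Constructed sample input: a throwaway self-signed certificate standing in
# for the one copied from Okta, so the check can be tried offline.
make_sample_cert() {
    out_file=$1
    days=$2
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out_file.key" \
        -subj "/CN=constructed-sample-idp" -days "$days" \
        -out "$out_file" 2>/dev/null
    rm -f "$out_file.key"   # the private key is not needed for the check
}

# Demonstration on the constructed sample.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/sample.pem" 365 && check_idp_cert "$demo_dir/sample.pem" 30
rm -rf "$demo_dir"
```

To check the real certificate, save the value copied from Okta to a file and pass that path to check_idp_cert in place of the sample.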
Conclusion
Okta Integration with SAML for TrustWorks enables secure and seamless access through Single Sign-On (SSO) while centralising identity management. This integration enhances security, simplifies user management, and provides a unified application access experience for your organisation.