Okta
    • 08 Jun 2022
    • PDF

    Okta

    • PDF

    Article summary

    The Okta integration allows you to sync SysAid with your Okta account so you can automatically log in to SysAid whenever you log in to Okta.

    For this integration to work, you must be running SysAid 16.1.25 or higher.

    Note

    Only an admin with SysAid Administrator permissions can set up this integration.

    You cannot activate this integration if another single-sign on integration has already been enabled for SysAid.

    Set up your SysAid app in Okta

    1. Login to Okta as an administrator.
    2. In your Okta console, click Add Application.
      IntegrationOktafiles1.JPG
    3. Click Create New App.
      IntegrationOktafiles2.JPG
    4. Select the SAML 2.0 option button.
    5. Click Create.
      IntegrationOktafiles3.JPG
    6. Enter SysAid in the App Name field.
    7. (Optional) Click Browse to select a logo, and click Upload Logo.
    8. Click Next.
      IntegrationOktafiles4.JPG
    9. In the Single Sign On URL field, enter your account URL with the following extension addons/okta/jsp/consume.jsp appended to it.
    10. In the Audience URI field, enter urn:okta:sysaid.
    11. From the Name ID Format drop-down list, select EmailAddress.
    12. From the Application Username drop-down list, select Okta username.
    13. Click Show Advanced Settings.
      IntegrationOktafiles5.JPGss
    14. From the Response drop-down list, select Signed.
    15. From the Assertion Signature drop-down list, select Unsigned.
    16. From the Signature Algorithm drop-down list, select RSA-SHA256
    17. From the Digest Algorithm drop-down list, select SHA256.
    18. From the Assertion Encryption drop-down list, select Unencrypted.
    19. From the Authentication Context Class drop-down list, select X.509 Certificate.
    20. From the Honor Force Authentication drop-down list, select Yes.
      IntegrationOktafiles6.JPG
    21. In the Attribute Statements section add the following attributes:
      Name
      Name Format
      Value
      firstNameBasicuser.firstName
      lastNameBasicuser.lastName
      emailBasicuser.email
      usernameBasicuser.login
    22. Click Next.
      IntegrationOktafiles7.JPG
    23. In the Feedback tab, click Finish.
      IntegrationOktafiles8.JPG
    24. In the Sign On tab, Click View Setup Instructions.
      IntegrationOktafiles9.JPG
    25. Copy the URL from the Identity Provider Single Sign-On URL field.
      IntegrationOktafiles10.JPG
    26. On the main Third-Party Integrations page, in the Okta icon, click IntegrationsfilesGreenCog12.jpg.
    27. Paste the URL that you copied in step above into the Okta Base URL field.
      IntegrationOktafiles15.PNG
    28. Back in Okta, copy the contents of the Identity Provider Issuer field.
    29. In the original window, click the General tab.
    30. In the SAML Settings area, click Edit.
    31. Click Next.
    32. Click Show Advanced Settings.
    33. Paste the copied contents of the Identity Provider Issuer field into the SAML Issuer ID field.
    34. Click Next and return to the Sign On tab.
    35. Copy the contents of the of the X.509 Certificate field between the Begin Certificate and End Certificate lines.
    36. In SysAid, paste the text into the Okta Certificate field.
    37. In the Okta CallbackURL field, enter your account URL with the following extension addons/okta/jsp/consume.jsp appended to it.
    38. In Okta, from the main menu, select Security>API.
    39. Click Create Token.
      IntegrationOktafiles12.PNG
    40. Enter a token name.
    41. ClickCreate Token.
      IntegrationOktafiles13.PNG
    42. Copy the API Token from the Token Value field.
    43. In SysAid, paste the text into the Okta API Token field.
    44. (Optional) If you want SysAid to create new users with their Okta IDs, Enter "Y" in the Create New Users field.
    45. (Optional) If you selected to allow SysAid to create new users with their Okta IDs, you can replace the Okta domain name with any name you want in the Domain Mapping field. For example, "MyDomain= MyCompany.com, MyDomain2= MyCompany.com". If you want user names to contain the user's original domain, leave this field blank.
    46. Click the slider to activate the Okta integration.
    47. Click Save Changes.
      IntegrationOktafiles14.PNG

    What's Next