Okta

The Okta integration allows you to sync SysAid with your Okta account so you can automatically log in to SysAid whenever you log in to Okta.

For this integration to work, you must be running SysAid 16.1.25 or higher.

Set up your SysAid app in Okta

1. Login to Okta as an administrator.
2. In your Okta console, click Add Application.
   
3. Click Create New App.
   
4. Select the SAML 2.0 option button.
5. Click Create.
   
6. Enter SysAid in the App Name field.
7. (Optional) Click Browse to select a logo, and click Upload Logo.
8. Click Next.
   
9. In the Single Sign On URL field, enter your account URL with the following extension addons/okta/jsp/consume.jsp appended to it.
10. In the Audience URI field, enter urn:okta:sysaid.
11. From the Name ID Format drop-down list, select EmailAddress.
12. From the Application Username drop-down list, select Okta username.
13. Click Show Advanced Settings.
    ss
14. From the Response drop-down list, select Signed.
15. From the Assertion Signature drop-down list, select Unsigned.
16. From the Signature Algorithm drop-down list, select RSA-SHA256
17. From the Digest Algorithm drop-down list, select SHA256.
18. From the Assertion Encryption drop-down list, select Unencrypted.
19. From the Authentication Context Class drop-down list, select X.509 Certificate.
20. From the Honor Force Authentication drop-down list, select Yes.
    
21. In the Attribute Statements section add the following attributes:

    Name	Name Format	Value
    firstName	Basic	user.firstName
    lastName	Basic	user.lastName
    email	Basic	user.email
    username	Basic	user.login

22. Click Next.
    
23. In the Feedback tab, click Finish.
    
24. In the Sign On tab, Click View Setup Instructions.
    
25. Copy the URL from the Identity Provider Single Sign-On URL field.
    
26. On the main Third-Party Integrations page, in the Okta icon, click .
27. Paste the URL that you copied in step above into the Okta Base URL field.
    
28. Back in Okta, copy the contents of the Identity Provider Issuer field.
29. In the original window, click the General tab.
30. In the SAML Settings area, click Edit.
31. Click Next.
32. Click Show Advanced Settings.
33. Paste the copied contents of the Identity Provider Issuer field into the SAML Issuer ID field.
34. Click Next and return to the Sign On tab.
35. Copy the contents of the of the X.509 Certificate field between the Begin Certificate and End Certificate lines.
36. In SysAid, paste the text into the Okta Certificate field.
37. In the Okta CallbackURL field, enter your account URL with the following extension addons/okta/jsp/consume.jsp appended to it.
38. In Okta, from the main menu, select Security>API.
39. Click Create Token.
    
40. Enter a token name.
41. ClickCreate Token.
    
42. Copy the API Token from the Token Value field.
43. In SysAid, paste the text into the Okta API Token field.
44. (Optional) If you want SysAid to create new users with their Okta IDs, Enter "Y" in the Create New Users field.
45. (Optional) If you selected to allow SysAid to create new users with their Okta IDs, you can replace the Okta domain name with any name you want in the Domain Mapping field. For example, "MyDomain= MyCompany.com, MyDomain2= MyCompany.com". If you want user names to contain the user's original domain, leave this field blank.
46. Click the slider to activate the Okta integration.
47. Click Save Changes.