UP9 SAML SSO with Okta

UP9 supports integration with Security Assertion Markup Language 2.0 (SAML 2.0), an XML-based protocol used by web browsers to allow for Single Sign-On (SSO), which enables a user to securely log in to multiple systems via a single portal and a single internal organization account. A key advantage of SAML SSO is that users do not need to register new UP9 accounts — that’s one less login to remember! It also ensures that all members of your organization will be able to utilize UP9, while your internal admin manages who may log in.

Okta Configuration

Okta is a leading provider of SSO services, and this document provides step-by-step instructions on how to set up Okta as an identity provider for your UP9 account.

Add SAML Application in Okta

In the Create a New Application Integration window, select SAML 2.0 and click Create.

In the General Settings window, enter the application name in the App name field and click Next.

Configure SAML Settings

Copy the Keycloak Redirect URI (provided by your UP9 admin) into both the Single sign on URL and the Audience URI (SP Entity ID) fields.

[Screenshot: SAML]

For example, if your organization’s domain name is ACME.COM, the URLs (see highlighted above) provided by the UP9 team would look like this:

  • SSO URL: https://auth.up9.app/auth/realms/testr/broker/acme_okta/endpoint
  • Audience URI (SP Entity ID): https://auth.up9.app/auth/realms/testr/broker/acme_okta/endpoint

Okta Advanced Configuration

On the SAML Settings page of your SAML application, locate the Attribute Statements (Optional) section. Configure three attributes to be sent to UP9 as part of the SAML communication.

Select user.firstName from the Value list, enter firstName in the Name field, and click the Add Another button:

[Screenshot: User firstName]

Repeat the steps above for additional attributes:

  • Attribute name: lastName - value: user.lastName
  • Attribute name: email - value: user.email

Click Next when done. The outcome should look like the picture below.

[Screenshot: Outcome]

Configure the Application Type

Configure the application type by completing the fields as indicated below. Click Finish.

[Screenshot: Application Type]

Finalize the Setup

From the menu, click Sign On configuration for the application you are working on. Hover over the Identity Provider metadata link, right-click, and select Copy Link from the menu.

[Screenshot: Finalize Setup]

Provide this link to the UP9 team and they will complete the setup on the UP9 side.

Support

For support, feel free to use any one of the three: