UP9 SAML SSO with Okta
UP9 supports integration with Security Assertion Markup Language 2.0 (SAML 2.0), an XML-based protocol used by web browsers to allow for Single Sign-On (SSO), which enables a user to securely log in to multiple systems via a single portal and a single internal organization account. A key advantage of SAML SSO is that users do not need to register new UP9 accounts — that’s one less login to remember! It also ensures that all members of your organization will be able to utilize UP9, while your internal admin manages who may log in.
Okta Configuration
Okta is a leading provider of SSO services, and this document provides step-by-step instructions on how to set up Okta as an identity provider for your UP9 account.
Add SAML Application in Okta
In the Create a New Application Integration window, select SAML 2.0 and click Create.
In the General Settings window, enter the application name in the App name field and click Next.
Configure SAML Settings
Configure SAML Settings by copying the Keycloak Redirect URI (provided by your UP9 admin) into both the Single sign on URL and the Audience URI (SP Entity ID) fields.
For example, if your organization’s domain name is ACME.COM, the URLs (see highlighted above) provided by the UP9 team would look like this:
- SSO URL: https://auth.up9.app/auth/realms/testr/broker/acme_okta/endpoint
- Audience URI (SP Entity ID): https://auth.up9.app/auth/realms/testr/broker/acme_okta/endpoint
Okta Advanced Configuration
On the SAML Settings page of your SAML application, locate the Attribute Statements (Optional) section. You should configure three attributes to be sent to UP9 as part of SAML communication.
Select user.firstName from the Value list, enter firstName in the Name field, and select the Add Another button:
Repeat the steps above for additional attributes:
- Attribute name: lastName, value: user.lastName
- Attribute name: email, value: user.email
Click Next when done. The outcome should look like the picture below.
Configure the Application Type
Configure the application type by completing the fields as indicated below. Click Finish.
Finalize the Setup
From the menu, click Sign On configuration for the application you are working on. Hover over the Identity Provider metadata link, right-click, and select Copy Link from the menu.
Provide this link to the UP9 team and they will complete the setup on the UP9 side.
Support
For support, feel free to use any one of the three:
- Join our community Slack at up9.slack.com.
- Email support@up9.com
- Use our in-app messaging application to start a conversation.