HOWTO: SAML Okta Configuration

This page guides you through the process of integrating your Okta SSO with Reemo through SAML.

Note

If your deployment mode gives you access to the Admin Area of the Reemo instance, you can enable SAML integration on the instance instead of per organization.

How To Enable SAML in Reemo

In a PrivateCloud, OnPrem or Enterprise environment, SAML can be enabled instance-wide and configured in the Connectors section of the Reemo instance in the Admin Area.

../_images/samlokta_gs_connectors.jpg

On the reemo.io instance (Reemo Cloud), or if you have selected the global setting "SAML Sign in per Organization", SAML must be enabled and configured in the Connectors section of each organization.

../_images/samlokta_connectors.jpg

SAML Connector Configuration

  • Create a new Connector > SAML Connector inside Reemo

  • Choose a Friendly Name that will be displayed to your users, and fill Issuer / App URI ID with “reemo”. Some fields will be filled after configuring the app in Okta; you can put any value in them for now. Fill the form as shown below:

../_images/samlokta_connector.jpg

  • Click Create to validate your connector. You will need this connector's callback URL later when configuring your Okta application.

../_images/samlokta_createconnector.jpg

  • Connect to your Okta portal

  • Create a new application on Okta in Applications > Create App Integration > SAML 2.0.

../_images/samlokta_createapp.jpg

  • Fill the Okta App Name with Reemo and click Next

  • Go back to your connectors list on Reemo and copy the callback URL of your newly created connector

../_images/samlokta_callbackurl.jpg

  • Paste the copied URL into the Single sign-on URL field on Okta. Fill the Audience URI with reemo and configure the Attribute Statements as shown below:

../_images/samlokta_appform.jpg

  • Click Next, then Finish, to complete the creation of your Okta application

  • Download the metadata XML from your Metadata URL inside Okta

../_images/samlokta_metadata.jpg

  • Copy the Certificate and the Entry point URL from the metadata XML into Reemo. You can now also enable the connector and click the Update button to save it.

../_images/samlokta_xml.jpg ../_images/samlokta_cert.jpg

Declare your SAML Users

After configuring your SAML connector, you must provision your users from your identity provider inside your organization. You can provision users inside your organization through the “Provision SAML User” button:

../_images/samlazureadduser.png

A popup will invite you to add users to your organization by their email address.

../_images/samlazure_popupadduser.png

Alternatively, instead of provisioning users, you can enable Just In Time provisioning on your SAML connector.

../_images/samlokta_jit.jpg

SAML Sign-in

In a PrivateCloud, On Premise or Enterprise environment, with SAML Sign in enabled and configured in the global settings, once your users are provisioned, they can log in through your identity provider by visiting the following URL:

https://[portal_url]/

On the reemo.io instance (Reemo Cloud), or if you have selected the global setting "SAML Sign in per Organization" and configured SAML per organization, once your users are provisioned, they can log in through your identity provider by visiting the following URL:

https://[portal_url]/login/[organization_shortname]

Select the SAML option and click NEXT

../_images/samlokta_auth.jpg