Configure SAML with OKTA
If you use OKTA as your SAML identity provider (IdP), you can use the information in this document to set up SAML authentication for your LMS.
These steps assume that you have permissions for modifying your organization’s OKTA portal.
Note: These steps reflect a third-party application and are subject to change without our knowledge. However, even if the steps described here do not fully match the screens you see in your IdP account, using these steps along with the IdP’s documentation should still enable you to configure the integration.
Step One: Begin Adding The Integration In The LMS
- While signed in to the LMS as an administrator, go to System > Integration > Single Sign-On (SSO) > SAML Sign-In
- Click the + Add An Integration button.
- Select OKTA from the list of SAML Identity provider.
- Keep this screen/tab open for now as we will refer to it later.
Figure 1: Add A New Integration Screen in The LMS
Step Two: Adding The LMS To Your OKTA Applications
- In a new tab/window, access OKTA.
- Go to Applications > Applications > Create App Integration.
- Select the SAML 2.0 option then click Next.
Figure 2: OKTA > Create SAML Integration
- Edit the App Name, entering My LMS.
- Accept other default values for now and click Next.
- Keep this screen/tab open for now as we will refer to it later.
Step Three: Add Service Provider Details To OKTA
In this step, we’ll define the service provider values that OKTA will need to identify your app.
- On the Add A New Integration screen in the LMS, go to the Service Provider Details section.
- Copy values from the LMS into the OKTA SAML Settings fields as shown below.
| Copy LMS Field Value | to | OKTA SAML Settings Field |
|---|---|---|
| Entity ID | > | Audience URI (SP Entity ID) |
| Assertion Consumer Service / SSO Service | > | Single sign on URL |
| Single Logout Service | > | Single Logout URL |
- Set Name ID format to EmailAddress.
- Leave all other values under SAML Settings as the default values.
Step Four: Defining User Attributes
In this step, we’ll define the information about the user (id, email address, first name, last name) that need to be passed to the LMS.
- Still in OKTA, scroll down to Atributes Statements section.
- In the Name section to the left, enter "uuid" (without quotations).
- In the Value section to the right, enter "user.id" (without quotations).
- Repeat this sequence three more times, using the fields/values below (clicking Add Another to add a new set of fields).
| Field | > | Value |
|---|---|---|
| emailAddress | > | user.email |
| firstName | > | user.firstName |
| lastName | > | user.lastName |
- Once you have finished adding the attributes above, scroll down and click the Next button.
- On the following screen you'll be asked a couple questions from OKTA regarding the type of app you have added — Select I'm an Okta customer adding an internal app and This is an internal app that we have created and then click Finish.
Note: Even though OKTA may provide additional user data that can be passed as parameters, only the paramters listed above are compatible with the LMS; all other values will be ignored.
Step Five: Add Identity Provider Details To The LMS
In this step, you'll provide the LMS with the SAML Identity provider values it needs to communicate with OKTA.
- In the OKTA app UI, select the Sign On tab (if it's not already selected).
- Click on the blue button that reads View Setup Instructions.
- Copy values from the window/tab that opens and paste them into the Identity Provider Details section of the LMS, as shown below.
| Copy Field Value | to | LMS Field Value |
|---|---|---|
| Identity Provider Issuer | > | Entity ID / Issuer URL |
| Identity Provider Single Sign-On URL | > | SAML 2.0 Endpoint / SSO URL |
| X.509 Certificate | > | X.509 Certificate |
After copying values from the SSO tab into the Identity Provider Details section of the LMS, it should look something like this:
Figure 3: LMS Identity Provider Details
Step Six: Finshing Up & Testing
At this point you've completed all the necessary steps to configure the LMS application in OKTA.
In the LMS, on the Add A New Integration screen, finish configuring the User Login settings and then click Save
to save the integration in the LMS.
To test your new integration, you'll need to give users access to your new application in OKTA before using the newly generated LMS login
link for this integration. For more information on granting users access to your application via OKTA, please refer to the IdP's documentation.