LayerX Onboarding - OKTA

Okta Integration Guide: Configuring SAML Identity Provider and Routing Rules

Integrating identity providers (IdPs) within your Okta environment ensures a seamless and secure authentication experience. This guide outlines the steps to configure a SAML 2.0 IdP, set up routing rules, and implement additional security factors for specific users.

Step 1: Configuring the SAML Identity Provider

  1. Access the Admin Panel
     - Navigate to Security > Identity Providers within the Okta Admin Panel.
     - Click on Add Identity Provider and select SAML 2.0 IdP.

  2. Authentication Settings
     - Configure the authentication settings as per your organization’s requirements.
     - Note: The IdP username used at this stage is temporary and will be updated in step 6.

  3. SAML Protocol Settings
     - Ensure that the following are configured correctly:
       - IdP Issuer URI
       - IdP Single Sign-On URL
       - Destination
     - These values must match exactly the issuer, SSO endpoint and destination published by the IdP you are connecting; a mismatch in any of them causes Okta to reject the SAML response.

  4. Upload the Public Key
     - Navigate to the IdP Signature Certificate section and upload your public key.
     - Save the file as public.pem.

  5. Edit Profile and Mapping
     - After configuring the initial settings, select your IdP and click on Edit Profile and Mapping.
     - Add an attribute for extracting the user’s email. Use the following external name value:
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

  6. Update IdP Username
     - Navigate to Configure Identity Provider and change the IdP Username to idpuser.actualEmail.
     - Save your changes.
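The checks that steps 3 and 5 describe (issuer and destination must match the configured values, and the email is read from the emailaddress claim) can be exercised offline before you wire the IdP into Okta. The following Python script is an added example written for this guide, not LayerX or Okta code: it parses a constructed, unsigned SAML response, compares its Issuer and Destination against placeholder values that stand in for your IdP Issuer URI and Destination, and extracts the value Okta would map to idpuser.actualEmail. The URLs, IDs and email address are made up for the example.

```python
"""Offline sanity check of a SAML response against the Okta IdP settings from Step 1."""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# External name configured in Edit Profile and Mapping (step 5 of this guide).
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Placeholders standing in for the IdP Issuer URI and Destination entered in
# the Okta admin panel (assumed values, not from the guide).
EXPECTED_ISSUER = "https://idp.example.invalid/saml"
EXPECTED_DESTINATION = "https://example.okta.com/sso/saml2/0oaPLACEHOLDER"

# Constructed sample response. It carries no Signature element; signature
# verification against public.pem happens in Okta and is not modelled here.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="{EXPECTED_DESTINATION}" ID="_r1" Version="2.0">
  <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>temp-user-1</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="{EMAIL_CLAIM}">
        <saml:AttributeValue>alice@example.invalid</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def extract_email(root):
    """Return the emailaddress claim value, or None if the assertion lacks it."""
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == EMAIL_CLAIM:
            value = attr.find("saml:AttributeValue", NS)
            if value is not None and value.text:
                return value.text.strip()
    return None


def check_response(xml_text, expected_issuer, expected_destination):
    """Compare a SAML response with the configured settings.

    Returns (problems, email): problems is a list of human-readable mismatches
    (empty when everything lines up), email is the mapped address or None.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Destination is an attribute of the top-level Response element.
    destination = root.get("Destination")
    if destination != expected_destination:
        problems.append(f"Destination mismatch: {destination!r}")

    # Both the Response and the Assertion carry an Issuer; each must match.
    for issuer in root.iterfind(".//saml:Issuer", NS):
        if (issuer.text or "").strip() != expected_issuer:
            problems.append(f"Issuer mismatch: {issuer.text!r}")

    email = extract_email(root)
    if email is None:
        problems.append(f"no attribute named {EMAIL_CLAIM}")
    return problems, email


if __name__ == "__main__":
    problems, email = check_response(SAMPLE_RESPONSE, EXPECTED_ISSUER, EXPECTED_DESTINATION)
    print("problems:", problems or "none")
    print("idpuser.actualEmail would be:", email)
```

The script only checks alignment of the protocol settings and the attribute name; it deliberately does not treat the extracted email as authenticated, because that trust comes from Okta verifying the assertion signature against the certificate uploaded in step 4. Running it against a real response captured from your IdP (with the placeholder values replaced by your own) quickly shows whether a login failure is due to a typo in the Issuer URI or Destination, or to the email claim being sent under a different name.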

Step 2: Configuring IdP Routing Rules

  1. Create a Routing Rule
     - Go to Security > Identity Providers > Routing Rules and click on Add Routing Rule.
     - Configure the rule based on user attributes, such as department or custom fields.

  2. Assign Applications and Devices
     - Select the applications and devices that will use the LayerX IdP.
     - Create the rule and ensure it is active.

Step 3: Configuring Extra Security Factors for Specific Users

  1. Add an Attribute for Extra Factors
     - Navigate to Directory > Profile Editor and select User (Default).
     - Click on Add Attribute and configure it as shown in the guide.

  2. Enable Extra Factor for Specific Users
     - Go to Directory > People and select the user for whom you want to enable the extra factor.
     - Edit the user’s profile, update the relevant field to true, and save.

  3. Configure Routing Rule for Extra Factor
     - Ensure that the routing rule is configured to filter users based on extraFactorEnabled.
     - Navigate to Security > Identity Providers > Routing Rules, select the LayerX IdP routing rule, and adjust the configuration accordingly.
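Steps 2 and 3 both rely on the same behaviour: routing rules are evaluated in order, only active rules count, a rule applies only to the applications assigned to it, and a user is sent to the LayerX IdP when every attribute condition (department, a custom field, or extraFactorEnabled) holds. The following Python model is an added example for this guide, not Okta's rule engine or LayerX code; the rule names, applications, departments and user profiles are constructed, and it assumes extraFactorEnabled was created as a boolean attribute, so it compares values strictly rather than coercing the string "true".

```python
"""Model of first-match routing-rule evaluation over Okta user profile attributes."""
from dataclasses import dataclass


@dataclass
class RoutingRule:
    name: str
    idp: str                  # IdP the user is routed to when the rule matches
    conditions: dict          # profile attribute -> required value (all must hold)
    active: bool = True       # inactive rules are skipped, as in the admin panel
    apps: frozenset = frozenset()  # applications the rule applies to; empty = any


def rule_matches(rule, profile, app):
    """True when the rule is active, covers the app, and every condition holds."""
    if not rule.active:
        return False
    if rule.apps and app not in rule.apps:
        return False
    for attr, required in rule.conditions.items():
        # Strict comparison: a string "true" does not satisfy a boolean True.
        if attr not in profile or profile[attr] != required:
            return False
    return True


def route(rules, profile, app, default_idp="Okta"):
    """Return the IdP for the first matching rule, or the default (Okta itself)."""
    for rule in rules:
        if rule_matches(rule, profile, app):
            return rule.idp
    return default_idp


# Constructed rule set: the extra-factor rule (Step 3) sits above the
# department rule (Step 2) so that flagged users hit it first.
RULES = [
    RoutingRule(
        name="LayerX extra factor",
        idp="LayerX IdP",
        conditions={"extraFactorEnabled": True},
        apps=frozenset({"Salesforce"}),
    ),
    RoutingRule(
        name="LayerX engineering",
        idp="LayerX IdP",
        conditions={"department": "Engineering"},
    ),
]

# Constructed user profiles, as they would appear under Directory > People.
USERS = {
    "alice": {"department": "Sales", "extraFactorEnabled": True},
    "bob":   {"department": "Engineering", "extraFactorEnabled": False},
    "carol": {"department": "Sales", "extraFactorEnabled": "true"},  # wrong type
}


def route_all(rules, users, app):
    """Route every user for one application; handy for reviewing a rule change."""
    return {name: route(rules, profile, app) for name, profile in users.items()}


if __name__ == "__main__":
    for app in ("Salesforce", "Jira"):
        print(app, route_all(RULES, USERS, app))
```

Running it shows the cases worth checking after editing a rule: alice reaches the LayerX IdP for Salesforce but not for Jira, because the extra-factor rule is scoped to Salesforce; bob reaches it for any application through the department rule; carol falls through to Okta even though her field looks set, because the value is the string "true" rather than the boolean. That last case is the one to look for when a user reports that the extra factor was enabled but never prompted.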

Conclusion

By following these steps, you can effectively integrate a SAML 2.0 IdP within your Okta environment, configure routing rules for specific user groups, and implement additional security factors. This setup ensures a robust and secure authentication framework tailored to your organization’s needs.