How to Set Up Central SSO with Okta

 Article #: GEN1003CE  Product: Central   Version: Production

 

When you log in to your Okta Admin Portal account, this is what it looks like:

Go to Directory > People to add users to the IdP.

Tip: Make sure to add Users or Groups to the Application through Assignments.

  1. Go to Applications > Applications and select Create App Integration

  1. Select SAML 2.0 and click Next

  2. Choose an App name. In this case, I chose "MadCap Central".

  3. Click Next
    For Single Sign On URL, follow this format to set the login page URL:

     https://[vanity].madcapcentral.com/#/login

    Tip: Keep the 'Use this for Recipient URL and Destination URL' option checked.

    For Audience URI (SP Entity ID), follow this format to set your Central site URL:

     https://[vanity].madcapcentral.com/
    • Leave Default RelayState blank

    • Name ID format is set to 'Unspecified'

    • Application username is set to 'Okta username'

    • Update application username on is set to 'Create and update'

  4. Click 'Show Advanced Settings':

    Okta Endpoints

    Here, add the SAML Endpoint for Portal and Single Log Out (SLO) in the 'Other Requestable SSO URLs' section.

    The values for SAML Endpoint for Portal should look like this:

     https://[vanity].api.madcapcentral.com/api/users/SamlLoginSucceeded

    The values for Single Log Out (SLO) should look like this:

     https://[vanity].madcapcentral.com

    Tip: If you also want to add the SAML Endpoint for Sites, add it here.

    The SAML Endpoint for Sites should look like this:

     https://[vanity].mcoutput.com/api/users/SamlLoginSucceeded

    (Optional) For mapped domains/CNAME, please try this SAML Endpoint URL:

    https://[host mapped domain]/api/users/SamlLoginSucceeded

    Tip: Make sure the Index values are different for each entry.

    Tip: Leave the rest of the values at the bottom of this page set to their default values.

    Advanced Options

  5. Click Next
    • When you are prompted with "Are you a customer or partner?", it does not matter what the user's answer is. After selecting either answer, click Finish.

The MadCap Central Application in Okta is now ready.

MadCap Central Portal SSO setup

Next, connect this Application to the users' MadCap Central License.

  1. Go to MadCap Central Portal

  2. On the top right-hand side, select the License Icon

  3. Select License Settings
    License Settings

  4. Select Single Sign-on [Beta]

  5. Select Change Settings

  6. Check Enable SSO for Central login option
    SSO Setup

  7. Now you can set the values for SAML 2.0 Login Endpoint (HTTP), Identity Provider Issuer and Public Certificate

    • The information needed for the next fields can be found in Okta Portal > Applications > Applications > Sign On tab > View SAML setup instructions:
      SAML Instructions

      We should see this page here:
      SAML Information

    Use this information to fill out the fields in the Central portal. Once the steps below are complete, click Save and your SSO setup is complete.

    Tip: The SLO Logout Endpoint is optional.

    • Set SAML 2.0 Login Endpoint (HTTP) to Identity Provider Single Sign-On URL

    • Set Identity Provider Issuer to Identity Provider Issuer

    • Set Public Certificate to X.509 Certificate

      Tip: Be sure to include the entire certificate, including all of the dashes.


      SAML Information
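
A pre-flight check for two of the tips above (distinct Index values under 'Other Requestable SSO URLs', and pasting the entire certificate including the dashes), as an added example that is not part of the original article or of MadCap's or Okta's code. The function names, the vanity name `acme` and the sample PEM are constructed for illustration; the certificate check is structural only (PEM framing, base64, outer DER length) and does not validate the certificate's contents.

```python
import base64, binascii, re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+)-----END CERTIFICATE-----")

def certificate_problem(pem):
    """Return None if the pasted PEM is structurally complete, else the reason."""
    m = PEM_RE.fullmatch(pem.strip())
    if not m:
        return "BEGIN/END CERTIFICATE lines (with all dashes) missing or damaged"
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except binascii.Error:
        return "base64 body is corrupt or cut short"
    if len(der) < 2 or der[0] != 0x30:
        return "decoded data is not a DER SEQUENCE"
    if der[1] & 0x80:  # long-form length: the next n bytes hold the length
        n = der[1] & 0x7F
        body_len, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:
        body_len, header = der[1], 2
    if header + body_len != len(der):
        return "DER length does not match the data; lines were lost in the paste"
    return None

def endpoint_problems(vanity, entries, mapped_hosts=()):
    """entries: (url, index) pairs entered under 'Other Requestable SSO URLs'."""
    allowed = {f"{vanity}.api.madcapcentral.com", f"{vanity}.madcapcentral.com",
               f"{vanity}.mcoutput.com", *mapped_hosts}
    problems, seen = [], set()
    for url, index in entries:
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{url}: not https")
        if parts.hostname not in allowed:
            problems.append(f"{url}: unexpected host")
        if index in seen:
            problems.append(f"{url}: index {index} already used")
        seen.add(index)
    return problems

# Constructed stand-in: a DER SEQUENCE header over zero bytes, not a real certificate.
_B64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + "\n".join(_B64[i:i + 64] for i in range(0, len(_B64), 64))
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(certificate_problem(SAMPLE_PEM))
    print(endpoint_problems("acme", [("https://acme.madcapcentral.com", 0)]))
```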

 

Attribution:

Last updated:

April 30, 2024

Author:

John Castaneda

Contributions by:

John Castaneda

John Dela Cruz