Skip to main content
Sign in
Dansk Deutsch Nederlands

Implementation SSO - Okta

  • Updated

Please note: this article is part of SSO Implementation - Workspace & SSO Implementation - Mobile app.

An application must be created within the IdP.

  1. Log in to Okta
  2. Go to Applications > Applications
  3. Click on “Create App Integration
  4. Select “SAML 2.0
  5. Enter a name, e.g.: “Springcast PRO - Workspaces” or “Springcast PRO - Mobile app”
  6. Under “Single sign-on URL,” enter: the value under SSO settings in Springcast, called “SP Reply URL (ACS)”
    1. Please note: after you have entered the SSO settings in Springcast PRO, the SP Entity ID will be updated. You will also need to update this later in Okta.
  7. Enter the following in “Audience URI (SP Entity ID)”: the value in SSO settings in Springcast, called “SP entity ID”
  8. Under “Name ID format,” enter: EmailAddress
  9. Under “Application username,” enter: Email

  10. Under Attribute Statements (optional), add the following elements: 

    Name Name format Value
    email Unspecified user.email
    first_name Unspecified user.firstName
    last_name Unspecified user.Lastname
    name Unspecified user.login

  11. Under Group Attribute Statements (optional), add the following element: 

    Name Name format Filter
    groups Unspecified Starts with: springcast
  12. Note: in this example, we assume that you have created one or more groups that start with springcast, e.g. springcast_team_member, springcast_editor, springcast_publisher.
  13. Click Next
  14. Click Finish

Set up SSO

Within PRO Workspaces, you can enable SSO under “People & access.” You can then manage the SSO settings.

Settings

The following fields must be filled in:

  1. Metadata: the value listed in the application under “Metadata URL”.
  2. ACS: the value listed in the application under “Sign on URL”.
  3. Entity ID: the value listed in the application under “Issuer”.
  4. Certificate: download the certificate and open it with a text editor. Then copy & paste the content into “Certificate”.
  5. Save the form & reload the page
  6. The value in "SP Reply URL (ACS)" has now been updated. Copy this value and update this in the Okta application. It is important that the "Single Sign On URL" in Okta application has the parameter "hash". 

Role mapping

Role mapping allows you to automatically link users to roles in the workspace. Enter the name of the group in Okta for the relevant role/group in Springcast.

See also Groups.

Related articles