SSO: SINGLE SIGN-ON
Single Sign-On (SSO) allows a user to sign in once and reuse the same credentials to connect to several services.
Best known example: Facebook. I have a Facebook account with username + password. I can reuse them to connect to other sites. So I don't have to memorize multiple passwords, just one is enough.
SSO: STEEPLE / OKTA
NOTE: Okta does not allow provisioning to be set up if SSO is not configured. Neither Okta's nor Steeple's configuration allows this.
Here is a step-by-step guide to setting up SSO between Steeple and Okta. The two applications must talk to each other, so you must configure both Steeple and Okta.
In Okta
First of all, the Okta directory must have a “Steeple” application (or another name). Configure the directory as follows:
Applications > Applications > Create App Integration
Click on "Create App Integration" to create the application.
Choose the sign-on method: SAML 2.0
After validation, name your application:
Click on “Next”. You will be redirected to a SAML 2.0 configuration interface.
In Steeple
Before filling it in, however, you need the necessary URLs, which you will find in Steeple:
Administration > Integrations > Install
SSO settings on Steeple:
The name of the SSO login button can be set. If no name is given, “Login via SSO” is displayed by default.
Reserved domains:
It is possible to reserve domain names on Steeple so that they are detected on the login page and the correct login button is displayed.
Example: it is possible to sign in to Steeple via SSO with GSuite. Steeple has reserved the domain steeple.fr, so when an @steeple.fr address is entered in the e-mail field of the login form, the "Connect with GSuite" button appears automatically instead of the "Password" field.
Then click on “Take the next step”.
___________________________________________________________________________________
The rest of the configuration is made up of several "round trips" between the interfaces of Steeple and Okta:
Go to "Metadata" in Steeple. These are links provided by Steeple to be entered in Okta.
In Okta
You have to copy-paste these links and enter them in the associated fields in Okta.
You also need to change the field “Name ID format” and choose “EmailAddress” in the drop-down list:
Then move on to “mapping” (screenshot below). Be sure to use exactly the fields and names shown in the screenshot.
The screenshot below describes the last step for mother/daughter or granddaughter communities:
Okta will ask for feedback (probably for internal statistics); choose “I'm a software vendor. I'd like to integrate my app with Okta” and click on “Finish”.
You must now enter the Okta metadata, which is provided as a link in the YELLOW “SAML 2.0” box. To get the link, go to the "Sign on" tab in the application and click on “copy” for the "Metadata URL".
In Steeple
Paste the metadata URL in the corresponding field in Steeple and click "Import metadata".
Mandatory configuration if there are mother/daughter or granddaughter communities:
You must associate the Okta groups corresponding to your child communities in the Steeple interface:
For Okta, just enter the name of the group by replacing spaces with underscores ( _ ).
This step is essential for the proper functioning of SSO with Steeple.
The SSO configuration is now complete. All that remains is to save the configuration.
Additional questions
What happens if I log in via SSO after previously logging in the classic way?
My email address is the same as that of the Okta account I log in with:
Nothing happens. My authentication mode changes, but my account is not modified; I can continue to use Steeple as I did before.
My email address at Steeple is different from that of the Okta account with which I want to connect via SSO:
This will create another account for me. You must therefore change your email address in order to benefit from this type of authentication.