This article will guide Admin users step-by-step on how to configure SSO using Okta.
Why set up single sign-on?
Single sign-on (SSO) allows EdApp to identify users through an external Identity Provider (IDP).
Instead of manually registering learners, users are directed to their company identity portal, fill in their company login details, and are redirected back to EdApp. This enables a user to log in to multiple systems via a single portal. On EdApp's side, a user is internally created to match the user's details sent back from the IDP.
Ensure the person setting up SSO has admin privileges to both EdApp and the SSO provider.
Configure SSO in Okta
First, let’s start with setting up SSO in Okta (we’ll move on to set this up in EdApp once this part is completed).
Step 1: Sign in to the Okta Admin portal using your administrator account. Browse to Applications --> Applications in the left-hand menu and click Create App Integration.
Step 2:
- Select SAML 2.0 and click Next
- Fill in EdApp in the App name field
- Upload the EdApp icon. This can be found here: EdApp icon
- Select Next.
Step 3: Fill in Single sign on URL with https://api.edapp.com/sso-saml-callback/<yourcompany> where <yourcompany> is an easy-to-remember identifier related to your company. Your learners will use this to log in.
Step 4: Populate Audience URI (SP Entity ID) with https://web.edapp.com/{companyID}.
Replace {companyID} above with your organization's company ID, e.g. https://web.edapp.com/acmeventures
Step 5: Choose EmailAddress for the Name ID format
Step 6: Choose Okta username for the Application username
Step 7: Click Download Okta Certificate
Step 8: Custom fields
In the Attribute Statements section, you can send additional information about your learners via custom fields including job title, first name, last name, active status or any custom fields you'd like. To configure this, the names of the custom fields in EdApp need to match the values that you configure in this section.
The firstname and lastname fields are default fields in EdApp, so they can be populated without adding a custom field. The attribute still has to be added in this section, though.
It is important to leave the Name format "Unspecified".
Click Next to continue
Step 9:
- Select I'm an Okta customer adding an internal app
- Select This is an internal app that we have created
- Click Finish
Step 10: Click View Setup Instructions
- Copy the Identity Provider Single Sign-On URL. We will need this information when configuring SSO in EdApp
- Download the certificate
Step 11: Make sure to give users access to the application in the Assignments tab
EdApp will now show up in the My Apps menu on Okta
Configure SSO in EdApp
Step 12: Sign in to Ed LMS using your Ed Admin account, and click on the dropdown arrow located on the upper right of your screen. Select Single Sign-On.
Step 13: Choose Connect with SAML 2.0
Step 14:
- Tick the Enable Single Sign-On box
- Populate the Company ID with the same unique company identifier as above. E.g. samplecompany
- Populate SSO URL with the value Identity Provider Single Sign-On URL: from Step 6
- Populate the SAML Entity ID with https://web.edapp.com/{companyID}.
- Upload the certificate downloaded from Okta in Step 10
Reminder: Learner SSO works ONLY with .cer, .crt and .pem file certificates. If the certificate you downloaded in Step 10 is not a .cer, .crt or .pem file, you may need to change its file extension.
Congratulations! You’ve just configured your EdApp account with SSO, using Okta. At this point, we recommend completing a round of testing by attempting to log in via SSO. If you get stuck at any point along the way, be sure to reach out to our live chat desk, or your EdApp account manager - we’d be happy to lend a helping hand. Additionally, feel free to share this Learner Guide for logging into EdApp using SSO with your users.
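For the round of testing recommended above, the following added example (not EdApp's or Okta's own code) checks a decoded SAML response from a test login against the values set in Steps 3, 4, 5 and 8. The function name check_assertion, the sample response and the company ID acmeventures are constructed for illustration, and the code assumes <yourcompany> in Step 3 and {companyID} in Step 4 are the same value.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPEC_FMT = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

def check_assertion(xml_text, company_id, required=("firstname", "lastname")):
    """Return the mismatches between a decoded SAML response and Steps 3, 4, 5 and 8."""
    # Assumption: <yourcompany> in Step 3 and {companyID} in Step 4 are the same value.
    acs = f"https://api.edapp.com/sso-saml-callback/{company_id}"
    audience = f"https://web.edapp.com/{company_id}"
    root = ET.fromstring(xml_text)  # parse only responses captured from your own test login
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != {acs!r} (Step 3)")
    recipients = [d.get("Recipient") for d in root.iterfind(".//a:SubjectConfirmationData", NS)]
    if acs not in recipients:
        problems.append(f"no SubjectConfirmationData Recipient equals {acs!r} (Step 3)")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//a:Audience", NS)]
    if audience not in audiences:
        problems.append(f"Audience {audiences} lacks {audience!r} (Step 4)")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID Format is not emailAddress (Step 5)")
    attrs = {a.get("Name"): a.get("NameFormat") for a in root.iterfind(".//a:Attribute", NS)}
    problems += [f"attribute {n!r} not sent (Step 8)" for n in required if n not in attrs]
    # An omitted NameFormat means "unspecified" in SAML 2.0, so None is accepted too.
    problems += [f"attribute {n!r} NameFormat is {f!r}, not unspecified (Step 8)"
                 for n, f in attrs.items() if f not in (None, UNSPEC_FMT)]
    return problems

# Constructed sample (signature, timestamps and attribute values trimmed).
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://api.edapp.com/sso-saml-callback/acmeventures">
 <a:Assertion><a:Subject>
   <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jo@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData
     Recipient="https://api.edapp.com/sso-saml-callback/acmeventures"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://web.edapp.com/acmeventures</a:Audience>
  </a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="firstname" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"/>
   <a:Attribute Name="lastname"/>
 </a:AttributeStatement></a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "acmeventures") or "assertion matches the guide's settings")
```

An empty list means the response carries the values the steps above configure; each returned string names the step to revisit in Okta.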