How can we help?

How to Implement SSO Okta (IdP) to Allbound (SP)

Steve
Steve
  • Updated

Purpose

This article will show Allbound Administrator users how to implement SSO Okta (IdP) to Allbound as the (SP.)

 

How to Configure Allbound as the SP

First, we need to add a new SP to our settings in Allbound:

 

1. Login to the Allbound platform

2. Click on the Settings Gear icon within the top toolbar and then click "SSO Connections"

 

settings_gear_sso_new_ui.png

 

3. Within the SAML SSO Connections section, click the "Add New Connection" button

 

help_center_sso_okta1.png

 

4. Click on the "Create IDP To Connect To" button

 

help_center_sso_okta2.png

 

5. Within the Configure SAML SSO Connection/IDP Edit screen, fill out the highlighted boxes as shown in the below image:

 

okta_allbound_config.png

 

6. Give the IDP a Name and Description. The name will appear on the login button if activated at the bottom of the page

 

The implementation will require two values to complete the configuration on the Allbound side, with an additional optional value.

 

Login/SingleSignOnService URL: This value is from Okta and is required. This value can be located in the Okta metadata XML file as the SingleSignOnService value. 

Issuer ID: This value is from Okta and is required. This value can be located in the Okta metadata XML file as the entityId value, near the top of the file. 

Entity ID: This value is from Okta and is required. This value can be located in the Okta metadata XML file as the entityId value, near the top of the file. 

Logout URL: This value is from Okta but is optional, it may be the same as the Login URL. 

X509 Certificate: This value is generated by Okta to be shared with Allbound. This value can be located in the Okta metadata XML file and should be in PEM format when added to the “Certificate” field. To achieve this format, simply paste the certificate between the following text. -----BEGIN CERTIFICATE-----

-----END CERTIFICATE-----

 

The final result should appear similar to the following example: 

-----BEGIN CERTIFICATE-----

MIIDoDCCAoigAwIBAgIGAWonDGnhMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxETAPBgNVBAMMCGFsbGJvdW5kMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE5MDQxNjE2NDcwNloXDTI5MDQxNjE2NDgwNlowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjERMA8GA1UEAwwIYWxsYm91bmQxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUq5iMQ/CB3Mj6UjGJvACh72Mv//k4U+UeL/NA/knJJ0H60Ijdybu8X4gb1YyegJEhYG9R2Zfr+0wdvDuK+77Rur0/gehbvnId5d9BHBrdFYhhR5taGY6iGtHTGfgbWn6/bdQvUPSLJNPaJ4jfynp3skf/likUKYKuV9NzLp7NMl1C9pFJOKR7GvwNpD79dbn/0zNbQOzua2tr8HT+B6lb0ULLZACRdM38vFvN9SbQoR6+atz/ZT8Th82l6759JtCK77QXZv0BvKxDGLkw9Hhue31q12Yj7yNLDexkmy1iRYSNn+LhV7uemzCWCBvKqrw9Vnodlvh8IS53HZlmk47zLvoP4qrHmnR7sR9WhoDVdL5YDLl2hx60Je8=

-----END CERTIFICATE-----

Allbound Attribute Mappings

Configure the following attribute mappings in Allbound:

Email => email

First Name => first_name

Last Name => last_name

 

How to Configure Okta for a New IDP

Okta requires two values from Allbound to configure in the Okta SSO settings. 

Entity(Issuer) ID: This value is your Allbound portal URL. 

Example: https://myportal.allbound.com/

**NOTES** 

  • Include the forward slash (“/”) at the end of the URL. 
  • If you have a custom domain implemented, you may use the custom domain as the Entity ID.

Assertion URL/ACS URL: This value is your Allbound portal URL /acs. 

Example: https://myportal.allbound.com/acs

**NOTES** 

  • If you have a custom domain implemented, you may use the custom domain as the Entity ID.

The following screenshot shows what information is used in what fields.

 

Configuring Attributes: Okta is required to have 3 attributes to be passed with specific keys. Go to Applications - > Allbound POC - > General - > SAML Settings. Under SAML settings click edit (you can do this at initial setup as well) and add the following attributes under the attributes section: 

Email => email

First Name => first_name

Last Name => last_name

 

If you still have questions, please reach out to your Customer Success Manager or Open a Support Ticket.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request