Purpose
This article shows Allbound Administrator users how to implement SSO with Okta as the identity provider (IdP) and Allbound as the service provider (SP).
How to Configure Allbound as the SP
First, we need to add a new SP to our settings in Allbound:
1. Log in to the Allbound platform
2. Click on the Settings Gear icon within the top toolbar and then click "SSO Connections"
3. Within the SAML SSO Connections section, click the "Add New Connection" button
4. Click on the "Create IDP To Connect To" button
5. Within the Configure SAML SSO Connection/IDP Edit screen, fill out the highlighted boxes as shown in the below image:
6. Give the IDP a Name and Description. The name will appear on the login button if activated at the bottom of the page
The implementation will require two values to complete the configuration on the Allbound side, with an additional optional value.
Login/SingleSignOnService URL: This value is from Okta and is required. This value can be located in the Okta metadata XML file as the SingleSignOnService value.
Issuer ID: This value is from Okta and is required. This value can be located in the Okta metadata XML file as the entityId value, near the top of the file.
Entity ID: This value is from Okta and is required. This value can be located in the Okta metadata XML file as the entityId value, near the top of the file.
Logout URL: This value is from Okta but is optional; it may be the same as the Login URL.
X509 Certificate: This value is generated by Okta to be shared with Allbound. This value can be located in the Okta metadata XML file and should be in PEM format when added to the “Certificate” field. To achieve this format, simply paste the certificate between the following text:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
The final result should appear similar to the following example:
-----BEGIN CERTIFICATE-----
MIIDoDCCAoigAwIBAgIGAWonDGnhMA0GCSqGSIb3DQEBCwUAMIGQMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzENMAsGA1UECgwET2t0YTEUMBIGA1UECwwLU1NPUHJvdmlkZXIxETAPBgNVBAMMCGFsbGJvdW5kMRwwGgYJKoZIhvcNAQkBFg1pbmZvQG9rdGEuY29tMB4XDTE5MDQxNjE2NDcwNloXDTI5MDQxNjE2NDgwNlowgZAxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMQ0wCwYDVQQKDARPa3RhMRQwEgYDVQQLDAtTU09Qcm92aWRlcjERMA8GA1UEAwwIYWxsYm91bmQxHDAaBgkqhkiG9w0BCQEWDWluZm9Ab2t0YS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUq5iMQ/CB3Mj6UjGJvACh72Mv//k4U+UeL/NA/knJJ0H60Ijdybu8X4gb1YyegJEhYG9R2Zfr+0wdvDuK+77Rur0/gehbvnId5d9BHBrdFYhhR5taGY6iGtHTGfgbWn6/bdQvUPSLJNPaJ4jfynp3skf/likUKYKuV9NzLp7NMl1C9pFJOKR7GvwNpD79dbn/0zNbQOzua2tr8HT+B6lb0ULLZACRdM38vFvN9SbQoR6+atz/ZT8Th82l6759JtCK77QXZv0BvKxDGLkw9Hhue31q12Yj7yNLDexkmy1iRYSNn+LhV7uemzCWCBvKqrw9Vnodlvh8IS53HZlmk47zLvoP4qrHmnR7sR9WhoDVdL5YDLl2hx60Je8=
-----END CERTIFICATE-----
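The values described above can also be pulled out of the metadata XML with a short script. The following is an added example, not Allbound or Okta code: it reads the entityID, the SingleSignOnService location and the X509 certificate from a metadata document, wraps the certificate in PEM markers, and computes a SHA-256 fingerprint to compare against the IdP's signing certificate. The function name, sample metadata and placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_settings_from_metadata(metadata_xml: str) -> dict:
    """Return the connection fields found in IdP metadata XML (hypothetical helper)."""
    # Only parse metadata downloaded from your own IdP tenant.
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("root element is not a SAML EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = idp.find("md:SingleSignOnService", NS)
    cert = idp.find("md:KeyDescriptor//ds:X509Certificate", NS)
    if sso is None or cert is None or not cert.text:
        raise ValueError("metadata lacks SingleSignOnService or X509Certificate")
    # Metadata may wrap or indent the base64; normalise it, then confirm it decodes.
    b64 = "".join(cert.text.split())
    der = base64.b64decode(b64, validate=True)
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    digest = hashlib.sha256(der).hexdigest().upper()
    return {
        "entity_id": root.get("entityID"),   # Issuer ID / Entity ID
        "login_url": sso.get("Location"),    # Login/SingleSignOnService URL
        "certificate_pem": f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n",
        # SHA-256 over the decoded bytes, for comparison with the IdP signing certificate.
        "sha256_fingerprint": ":".join(digest[i:i + 2] for i in range(0, 64, 2)),
    }

# Constructed sample: placeholder bytes stand in for the DER certificate,
# and the entityID / Location values are made up.
SAMPLE_DER = b"constructed placeholder bytes, not a real certificate. " * 2
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(SAMPLE_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    for field, value in idp_settings_from_metadata(SAMPLE_METADATA).items():
        print(f"{field}:\n{value}\n")
```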
Allbound Attribute Mappings
Configure the following attribute mappings in Allbound:
Email => email
First Name => first_name
Last Name => last_name
How to Configure Okta for a New IDP
Okta requires two values from Allbound to configure in the Okta SSO settings.
Entity(Issuer) ID: This value is your Allbound portal URL.
Example: https://myportal.allbound.com/
**NOTES**
- Include the forward slash (“/”) at the end of the URL.
- If you have a custom domain implemented, you may use the custom domain as the Entity ID.
Assertion URL/ACS URL: This value is your Allbound portal URL followed by /acs.
Example: https://myportal.allbound.com/acs
**NOTES**
- If you have a custom domain implemented, you may use the custom domain as the Entity ID.
The following screenshot shows what information is used in what fields.
Configuring Attributes: Okta must pass 3 attributes with specific keys. Go to Applications -> Allbound POC -> General -> SAML Settings. Under SAML Settings, click Edit (you can do this at initial setup as well) and add the following attributes under the attributes section:
Email => email
First Name => first_name
Last Name => last_name
If you still have questions, please reach out to your Customer Success Manager or Open a Support Ticket.