SSO Okta

This article describes how to integrate Okta with Umbrella Cost. You can create the integration using SAML or OpenID.

OKTA Using SAML

  1. Access OKTA admin Console.
  2. Navigate to Applications > Applications page, and click on Create App Integration.
  3. Choose SAML 2.0 and click on Next.
  4. In the SAML setting enter the following:
    • Single sign-on URL: https://mypileus.auth.us-east-1.amazoncognito.com/oauth2/idpresponse
    • Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-east-1_Uv6ArNdSK
    • Name ID format: EmailAddress
    • Application username: Email
  5. Under the section of Attribute Statement write the following:
    • Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    • Value: user.email
  6. Navigate to the Sign On tab and copy the Metadata URL - save and send it to Umbrella support to complete the configuration on Umbrella's side ([email protected]).
  7. Click on Next, and Finish.

Optionally, to add users and roles from the IdP, follow the steps below:

  1. Navigate to Directory > Profile editor page and click on the Application you just created.
  2. Click on Add Attribute and enter the following information:
    • Display name: anodot cost role
    • Variable name: anodot_cost_role
    • Enable the “Define enumerated list of values”
    • Under the attribute members value enter the role IDs you received from Umbrella
    • Enable the Attribute required checkbox
    • For Attribute type choose the group option
  3. Click on Save Attribute.
  4. Navigate to the Applications > Applications page and click on the application you created.
  5. Under the general tab, click on Edit SAML Settings.
  6. Under the Attribute Statement write the following:
    • Name: anodotCostRole
    • Value: appuser.anodot_cost_role
  7. (If not done already) Navigate to the Sign On tab and copy the Metadata URL - save and send it to Umbrella support to complete the configuration on Umbrella's side ([email protected]).
  8. Under the Assignments tab, you can invite users to Umbrella platform.
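
Before sending the Metadata URL to Umbrella support, the SAML settings above can be sanity-checked against a sample assertion. The following is an added example, not Umbrella's or Okta's own code: it checks the NameID format, the Audience URI, the emailaddress claim and the anodotCostRole attribute, and it does not validate the assertion signature. The sample assertion, the `ROLE-ID-PLACEHOLDER` value and the function names are constructed for illustration; substitute the role IDs you received from Umbrella.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
AUDIENCE = "urn:amazon:cognito:sp:us-east-1_Uv6ArNdSK"  # SP Entity ID from step 4
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
ROLE_ATTR = "anodotCostRole"  # attribute statement name from the optional steps
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, allowed_roles, require_role=True):
    """Return a list of configuration problems; an empty list means OK."""
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if AUDIENCE not in audiences:
        problems.append("Audience URI does not match the SP Entity ID")
    attrs = {a.get("Name"): [(v.text or "").strip() for v in a.findall("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    if not any("@" in v for v in attrs.get(EMAIL_CLAIM, [])):
        problems.append("emailaddress claim missing or empty")
    roles = attrs.get(ROLE_ATTR, [])
    if require_role and not roles:
        problems.append(ROLE_ATTR + " attribute missing")
    problems += ["unexpected role id: " + r for r in roles if r not in allowed_roles]
    return problems

def sample_assertion(audience=AUDIENCE, role="ROLE-ID-PLACEHOLDER", attr_name=ROLE_ATTR):
    """Constructed sample, shaped like an unsigned SAML 2.0 assertion."""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">alice@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{audience}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="{EMAIL_CLAIM}"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="{attr_name}"><saml:AttributeValue>{role}</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    allowed = {"ROLE-ID-PLACEHOLDER"}  # replace with the role IDs received from Umbrella
    print(check_assertion(sample_assertion(), allowed))
    print(check_assertion(sample_assertion(attr_name="anodot_cost_role"), allowed))
```

The second call shows a common slip: using the profile variable name `anodot_cost_role` as the attribute statement name instead of `anodotCostRole`.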

OKTA Using OpenID

  1. Access OKTA admin Console.
  2. Navigate to Applications > Applications page, and click on Create App Integration.
  3. Choose the following for the application:
    • Sign-in method: OIDC - OpenID Connect
    • Application type: Web Application
  4. In the App setting enter the following:
    • Sign-in redirect URIs: https://mypileus.auth.us-east-1.amazoncognito.com/saml2/idpresponse
    • Controlled access: Skip group assignment for now

Optionally, to add users and roles from the IdP, follow the steps below:

  1. Navigate to Directory > Profile editor page and click on the User (default).
  2. Click on Add Attribute and enter the following information:
    • Display name: anodot cost role
    • Variable name: anodot_cost_role
  3. Click on Save Attribute.
  4. Navigate to Directory > Profile editor page and click on the application you created in step #2.
  5. Click on Add Attribute and enter the following information:
    • Display name: anodot cost role
    • Variable name: anodot_cost_role
    • Enable the “Define enumerated list of values”
    • Under the attribute members value enter the role IDs you received from Umbrella
    • Enable the Attribute required checkbox
    • For Attribute type choose the group option
  6. Click on Save Attribute.
  7. From the Profile Editor page, under the application you created, click on Mapping.
  8. Under the OKTA user to <your_application_name> map the following:
  9. Click on Save Mapping.
  10. Under the <your_application_name> to OKTA user map the following:
  11. Click on Save Mapping, and Apply updates now.
  12. Navigate to the Applications page and choose the application you created in step #2.
  13. Copy the following values and forward them to Umbrella support to complete the configuration on Umbrella's side ([email protected]):
    1. Client ID (go to General > Client Credentials > Client ID)
    2. Client secret (go to General > Client Credentials > Client secret)
    3. The issuer (go to Sign On > OpenID Connect ID Token > Issuer)
    4. A list of all email domains.
  14. Under the Assignments tab, you can invite users to the Umbrella platform.