Okta

With this guide you will learn how to integrate GoodAccess with Okta SSO/SCIM.

This feature is available in the Premium plan and higher.

Remember to grant your Okta users access permissions to GoodAccess. Users without them won't be able to log in.

Step 1 - Adding a new identity provider

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Click Create App Integration, select SAML 2.0, and click Next.

Okta Admin console with key steps to creating a new application integration.

Okta Admin console with key steps to selecting SAML 2.0 as a sign-in method for the application integration.

1. General Settings

Give the application a name, and click Next.

Okta Admin console with key steps to setting up the "General Settings".

2. Configure SAML

Copy the details from GoodAccess - (2) GoodAccess links.

General

Single Sign-On URL - Assertion Consumer Service URL
Audience URI (SP Entity ID) - Entity ID
Default RelayState - Relay State
Name ID format - Unspecified
Application username - Email

Attribute Statements

Name

Name format

Value

"email" (without quotes)

Unspecified

user.email

Return to GoodAccess, and click Continue.

Return to Okta, and click Next.

Okta Admin console with key steps to configuring SAML.

3. Feedback

Choose one of the Feedback options, and click Finish.

4. Setting up GoodAccess

In the application go to Sign On > SAML 2.0, and click More details.

Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

Sign in URL - Sign on URL
Entity ID - Issuer
X509 signing certificate - Signing Certificate

Okta Admin console with key steps to setting up GoodAccess.

If you don't want to setup SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.

You have now successfully set up your Okta SSO with GoodAccess.

Step 3 (optional) - Setting up SCIM

In the application, go to General > App Settings, and click Edit.

Select SCIM, and click Save.

Okta Admin console with key steps to enabling SCIM.

1. SCIM Connection

Go to Provisioning > Integration, and click Edit.

Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).

SCIM connector base URL - URL
Unique identifier field for users - "email" (without quotes)
Supported provisioning actions
- Push New Users
- Push Profile Updates
- Push Groups
Authentication Mode - HTTP Header
Authorization - Token

Return to GoodAccess, and click Submit.

Return to Okta, and click Save.

Okta Admin console with key steps to setting up SCIM connection.

2. Provisioning to App

Go to Provisioning > To App, and click Edit.

Enable:

Create Users
Update User Attributes
Deactivate Users

Click Save to finish the configuration.

Okta Admin console with key steps to setting up provisioning to app.

3. (optional) Adding groups to provisioning

Go to Push Groups, and click + Push Groups > Find groups by name/rule.

Find the desired group, and click Save.

Okta Admin console with key steps to adding groups to provisioning.

The whole provisioning process will take around 20 minutes to complete depending on the number of members and groups being added.

You have now successfully set up your Okta SCIM with GoodAccess.

Step 4 - Managing user access

In the application, go to Assigments, and click Assign > Assign to People/Groups.

Choose who should have access, and click Done.

Okta Admin console with key steps to managing user access.

PreviousMicrosoft Entra ID NextOneLogin

Last updated 4 months ago

Was this helpful?