Okta
With this guide you will learn how to integrate GoodAccess with Okta SSO/SCIM.
This feature is available in the Premium plan and higher.
Please note: Changing the login method to identity provider will permanently delete all Members you invited. Your team Members will be automatically added to GoodAccess upon their first login. Manually added Members will stay.
Remember to grant your Okta users access permissions to GoodAccess. Users without them won't be able to log in.
Step 1 - Adding a new identity provider
Log in to the GoodAccess Control Panel, and go to Settings > SSO & MFA.
Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.
Step 2 - Setting up Single Sign-On with SAML
Log in to the Okta Admin console, go to Applications > Applications.
Click Create App Integration, select SAML 2.0, and click Next.
1. General Settings
Give the application a name, and click Next.
2. Configure SAML
Copy the details from GoodAccess - (2) GoodAccess links.
General
Single Sign-On URL - Assertion Consumer Service URL
Audience URI (SP Entity ID) - Entity ID
Default RelayState - Relay State
Name ID format - Unspecified
Application username - Email
Attribute Statements
Name | Name format | Value |
---|---|---|
"email" (without quotes) | Unspecified | user.email |
Return to GoodAccess, and click Continue.
Return to Okta, and click Next.
3. Feedback
Choose one of the Feedback options, and click Finish.
4. Setting up GoodAccess
In the application go to Sign On > SAML 2.0, and click More details.
Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.
Sign in URL - Sign on URL
Entity ID - Issuer
X509 signing certificate - Signing Certificate
If you don't want to setup SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.
You have now successfully set up your Okta SSO with GoodAccess.
Step 3 (optional) - Setting up SCIM
In the application, go to General > App Settings, and click Edit.
Select SCIM, and click Save.
1. SCIM Connection
Go to Provisioning > Integration, and click Edit.
Copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).
SCIM connector base URL - URL
Unique identifier field for users - "email" (without quotes)
Supported provisioning actions
Push New Users
Push Profile Updates
Push Groups
Authentication Mode - HTTP Header
Authorization - Token
Return to GoodAccess, and click Continue, and Submit.
Return to Okta, and click Save.
2. Provisioning to App
Go to Provisioning > To App, and click Edit.
Enable:
Create Users
Update User Attributes
Deactivate Users
Click Save to finish the configuration.
The whole provisioning process will take around 20 minutes to complete depending on the amount of members and groups being added.
You have now successfully set up your Okta SCIM with GoodAccess.
Step 4 - Managing user access
In the application, go to Assigments, and click Assign > Assign to People/Groups.
Choose who should have access, and click Done.
Last updated