Integrating Federated Authentication with Okta

​Note: This guide includes screenshots and instructions for a third-party platform that could change at any time. Be sure to reference Okta's documentation for the latest information. 

Please find full documentation for Federated Authentication here.

1. First, an Okta administrator should select Create New App. Do not select an application from the App Integration Catalogue. 

   

2. Select SAML 2.0 as the sign-on method 

   
3. In General Settings, name the application whatever you prefer. You also may want to choose to Do not Display the application icon to users, because users must initiate the login process through Acquia Accounts. They cannot initiate the login process through Okta.
4. Select Next, and move on to Configure SAML. At this point, you will need to go back to the Cloud Platform to enter information from Okta, and gather information to bring back to Okta. Refer to this documentation for more information.
   1. You will need to get the ACS Link from the Cloud Platform, and enter it into the Single sign on URL field in Okta. The Cloud Platform will not generate the ACS Link until you’ve entered information from Okta, most of which Okta will not provide until you’ve provided the ACS Link. To work around this issue, do the following:
      1. On the Cloud Platform, enter placeholder values in the Entity ID and SSO URL fields.
      2. From Okta, download the Okta Certificate. Open the certificate with a text editor, copy the certificate, and paste it into the Cloud Platform as shown in the documentation.
      3. Submit the information on the Cloud Platform
      4. The Cloud Platform will generate the ACS Link and display it on the subsequent screen.
   2. Enter the ACS Link generated by the Cloud Platform into the Okta field labeled Single Sign on URL
   3. Enter the Entity ID generated by the Cloud Platform into the Okta field labeled Audience URI
   4. Leave the Default Relay State blank
      1. Note: some customers have reported an issue where Okta sends a blank RelayState, causing authentication to fail when a user is trying to sign-in. Please reach out to Okta support for help with troubleshooting this issue.
   5. In the Name ID Format, select Email Address.
5. Click through the feedback screen, to finish the set-up in Okta.
6. Select View Setup Instructions in the yellow box to get the information generated by Okta that you need to enter into the Cloud Platform.
7. Use the information displayed by Okta to update the placeholder values that you entered in the Cloud Platform’s Register the Identity Provider screen for Entity ID and SSO URL. You do not need to replace the Certificate that you submitted previously.
8. On the Cloud Platform, submit the values, and then select Enable on the next screen to enable Federated Authentication.