Our SAML integration uses a self-setup model that allows you to set up, manage, and edit your SAML integration in Acquia DAM. The SAML Integration feature must be enabled in the DAM in order to configure SAML settings and set up the Okta integration. DAM admins can enable the feature from the Features page in the Admin app, then access SAML settings from the Single Sign-on Settings in the Admin app. Please contact your customer success manager (CSM) or implementation specialist for more information or help with setting up the feature.
Use the instructions below to integrate Okta after the SAML feature is enabled.
Set up in Okta
To get started, you'll first need to set up the DAM as an app in Okta. To set up the DAM:
- Log in to your Okta account.
- Click the Admin button.
- On the dashboard, select Applications.
- Click Add Application.
- Choose Create New App.
Step 1: Set up general settings
To create the new app, complete the general and SAML settings. For general settings, include:
- The name of the app you're integrating with. In this instance, use Acquia DAM.
- The app logo, which is optional. Upload an image/icon of the app you are integrating with.
- Click Next to set up SAML settings.
Step 2: Set up SAML settings
Some of the information needed for the SAML settings is located on the SAML settings page in the Admin app of the DAM. For SAML settings:
- Add the single sign-on URL. The URL can be found in the Service Provider (SP) tab under Assertion Consumer Service URLs.
- Add the audience URI (SP entity ID). The URI can be found in the SP tab under Issuer / Entity ID.
- Choose Persistent for the name ID format.
- Complete the attribute statements, which are required in the DAM. By default, email, first name, and last name attributes are required. Add each attribute, then select its respective value in the corresponding dropdown. (The attribute names you create are used in a later step to correctly map the new attributes in the DAM.)
- Click Next.
After completing the general and SAML settings, add information to help Okta understand how you configured the app.
- For Are you a customer or partner?, choose I'm an Okta customer adding an internal app.
- For app type, check This is an internal app that we have created.
- Click Finish and you'll be taken to the Okta app settings page.
Step 4: Okta app settings page
On the Okta app settings page, click View Setup Instructions to find the information needed to finish the setup in the DAM, such as the Identity Provider (IdP) SSO URL and X.509 certificate. Copy the IdP SSO URL and download the X.509 certificate.
Step 5: Assign users to your new app
Last, assign users to your app in Okta. To assign users:
- Click Applications.
- Choose Applications.
- Click Assign Applications.
- Under Applications, select your newly created app.
- Under People, select the users or group you want to access your new app.
- Click Next after selecting all users or groups.
- Click Confirm Assignments after reviewing your assignments.
For more information about adding users or groups to Okta, please check out Okta’s manage users documentation.
Set up in Acquia DAM
To set up the integration between Okta and the DAM:
- Log in to the DAM.
- Select the Admin app.
- Click Single Sign-On Settings.
- Click SAML settings.
Service Provider
- On the Service Provider tab, select your SAML-specific registration code in the Registration code dropdown. If you have not yet created one, please contact your CSM or implementation specialist for assistance.
- Click Save.
- Click the Identity Provider tab.
Identity Provider
For the IdP, complete the following information:
- Authorization endpoint (required): Enter the IdP SSO URL from Okta.
- Metadata endpoint: For this integration, you do not need to fill in the metadata endpoint.
- Certificate files (required): Click Select Files and upload your X.509 certificate from Okta. Once uploaded, you will see information about the certificate in the IdP tab.
- Support email (required): Enter your email address. The Support email is only used to reference who configured this integration.
- Click Save.
- Click the Attributes tab.
Attributes
In Step 2 (SAML settings), you created the DAM-required attribute statements in Okta. You'll need to include some of that information in the Attributes tab in the DAM. By default, ADFS values are mapped to the Attributes tab. Log in to your Okta account, then select Applications > General, then select this information and add it to the corresponding location in the Attributes tab, replacing the ADFS default value:
- Email: Add the attribute name of your previously created email attribute (for example, email).
- First name: Add the attribute name of your previously created first name attribute (for example, first name).
- Last name: Add the attribute name of your previously created last name attribute (for example, last name).
- If any additional attributes need to be mapped, remove the ADFS default value and add your attribute name value in its place. If there are no additional attributes, click Save.
- Click Save.