Single sign-on (SSO) is a mechanism that uses a single authentication action to grant users access to all related yet independent software systems or applications, all without requiring them to log in again for each individual system during a specific session.
Why Single Sign-On (SSO) Matters
- Convenience for Users: one login gives access to every connected application.
- Tightened Security: authentication is handled in one place, so access controls can be enforced consistently.
- Streamlined Management: SSO eases the load on IT teams. They spend less time resetting passwords and managing accounts, leading to smoother operations.
Imagine you’re using multiple online services, like email, calendar, and documents, and you’re tired of remembering different usernames and passwords for each one. SAML2 comes to the rescue. SAML2, which stands for Security Assertion Markup Language 2.0, is like a special key that lets you access all these services without having to remember multiple logins.
Understanding The SAML Workflow
- Request: A user taps on a “Log in” button.
- Validation: The service provider and the identity provider connect (via SAML) for authentication.
- Login: The user sees a screen waiting for username and password data.
- Token creation: If the user enters the right credentials, a SAML token is sent to the service provider, which lets the user log in to the service.
You can read more about this on the official Okta site.
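The checks a service provider has to run on the SAML token from the last step before trusting it, as an added Python example (not Epicflow's or Okta's code): it confirms the response was addressed to the Single Sign On URL configured in the Okta steps below, that it is inside its validity window, and then reads the userId attribute that the Attribute Statements step adds. It assumes the XML signature has already been verified with the IdP certificate downloaded from Okta; the sample response is constructed.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# In production parse untrusted XML with defusedxml rather than plain ElementTree.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Single Sign On (ACS) URL and attribute name exactly as configured in the Okta app.
ACS_URL = "https://yoursite.epicflow.net/auth/AssertionValidatorService"
USER_ID_ATTR = "userId"

def _ts(value):  # SAML UTC timestamp such as 2024-01-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def extract_user_id(response_xml, now, acs_url=ACS_URL):
    """Return the Okta user id carried by a SAML Response, or raise ValueError.
    Precondition: the XML signature has already been verified against the IdP
    certificate downloaded from Okta; an unsigned response is never trusted."""
    root = ET.fromstring(response_xml)
    if root.get("Destination") != acs_url:
        raise ValueError("Destination does not match our ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("Response carries no Assertion")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        raise ValueError("Assertion is missing Conditions or outside its validity window")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/"
                         "saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        raise ValueError("Recipient does not match our ACS URL")
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == USER_ID_ATTR:
            value = attr.findtext("saml:AttributeValue", namespaces=NS)
            if value and value.strip():
                return value.strip()
    raise ValueError("Assertion has no %s attribute" % USER_ID_ATTR)

# Constructed sample (not a real Okta response; the Signature element is omitted).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://yoursite.epicflow.net/auth/AssertionValidatorService">
 <saml:Assertion><saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData
  Recipient="https://yoursite.epicflow.net/auth/AssertionValidatorService"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-01-01T12:00:00Z" NotOnOrAfter="2024-01-01T12:05:00Z"/>
  <saml:AttributeStatement><saml:Attribute Name="userId">
   <saml:AttributeValue>00u292p6vani8igFL5d7</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""
SAMPLE_NOW = datetime(2024, 1, 1, 12, 1, tzinfo=timezone.utc)  # inside the window
```

A response addressed to a different ACS URL, or presented outside its NotBefore/NotOnOrAfter window, is rejected with ValueError before any attribute is read.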
When to Consider SSO
- Multiple Apps, One Identity: If your business uses several applications, SSO makes access easier for employees and partners, improving workflow.
- Security is Key: SSO is vital when data security is non-negotiable. It ensures stringent access controls and reduces vulnerabilities.
- User-Friendly Experience: users sign in once and reach every connected application.
Microsoft and Okta: Powering Modern Single Sign-On (SSO)
In the world of modern authentication, Microsoft and Okta emerge as prominent players, offering robust single sign-on (SSO) solutions that revolutionize user access. These solutions not only enhance security but also streamline management processes, providing organizations with seamless user experiences.
Microsoft’s Azure Active Directory (Azure AD)
Microsoft, a global tech leader, introduces a comprehensive SSO solution through Azure Active Directory (Azure AD). This system seamlessly integrates with Microsoft’s productivity tools like Microsoft 365 and Azure services. Acting as a central access hub, Azure AD unifies user entry across Microsoft and third-party applications.
Azure AD empowers organizations to simplify authentication while enforcing robust security measures. Advanced features like multi-factor authentication (MFA) and integration with Microsoft’s security tools bolster protection against breaches. This harmonious integration cements a secure foundation for SSO strategy within the Microsoft ecosystem.
You can read more about it on the official Microsoft Site.
Okta: Seamless Identity and Access Management
Okta, a frontrunner in identity and access management, offers effortless SSO capabilities and more. Okta’s solution seamlessly integrates with diverse applications, both Microsoft and non-Microsoft, fostering a cohesive user experience.
Beyond streamlined logins, Okta supports advanced authentication methods like MFA and biometric security, bolstering overall security. Its intuitive interface simplifies central access management, reducing IT workload and enhancing operational efficiency. Moreover, Okta’s scalability ensures adaptability as businesses grow, catering to evolving identity management needs.
A Closer Look at Okta
Epicflow chose Okta because it is a leading identity and access management platform that perfectly aligns with our needs. Okta provides us with a range of crucial benefits that are essential for our efficiency and security.
- Top-Tier Security: Okta offers advanced authentication methods, including multi-factor authentication (MFA) and biometric security, effectively safeguarding our infrastructure and data from breaches.
- Seamless App Integration: Okta enables smooth integration with various applications.
- Access Management at Your Fingertips: With Okta, you can configure and control access to different resources, applications, and data from a centralized location.
- Rapid Deployment: Okta solutions can be implemented relatively swiftly.
- Scalability and Flexibility: As our company grows, Okta has the capability to scale effectively along with our needs, providing flexibility in identity management.
As a result, the choice of Okta as our identity and access management partner was evident, providing us with performance, security, and ease of administration in one comprehensive solution.
Step By Step Okta Configuration
There are two distinct approaches to integrating Okta. The first approach involves direct usage of the Okta platform, while the second approach entails using a Chrome extension.
- Log in to the Okta system as an Administrator.
#Screen 1 Sign In to the Okta system
- Navigate to the Applications -> Applications block and select “Create App Integration”.
#Screen 2 Create App Integration
- In the newly opened window, select the sign-on method “SAML 2.0” and press the Next button.
#Screen 3 Select the Sign-On Method
- Enter the App name “yoursite.epicflow.net”.
#Screen 4 Create SAML Integration
- Define the Single Sign On URL: “https://yoursite.epicflow.net/auth/AssertionValidatorService”.
#Screen 5 Edit SAML Integration
- Under Attribute Statements, add a new attribute “userId” with the value “user.id”.
#Screen 6 Attribute Statements
- For the last step of the initial configuration, select the option “I’d like to integrate my application with OKTA”.
#Screen 7 Integrate Your App with Okta
- In the newly created integration, select the Sign On tab and navigate to the SAML Signing Certificates block. To the right of it you will find “View SAML setup instructions”.
#Screen 8 Signing Certificates
- Pressing that button opens a new tab with the connection information. Download the certificate from there and provide it to the Epicflow Support team.
- Close the newly opened tab and navigate to the Assignments block. Assign the new People, including your own account (those who will be granted access to the system). Your account must be assigned for the next step, since otherwise the required information will not be available to you.
#Screen 9 Assign New People
- Go back to the SAML Signing Certificates block and, for the Active certificate, select the option “View IdP metadata”.
#Screen 10 View IdP metadata
- Copy the address link from the newly opened window and provide its URL to the Epicflow Support Team.
#Screen 11 Copy address link
- We need a set of information in the following format (a header line followed by one line per user); usually you can get it from the Okta API:
  id;email;name;initials
  00u292p6vani8igFL5d7;SupportManager@epicflow.com;Support S;SM
Advanced Okta Configuration through the user ID
There is a separate Chrome extension, rockstar, that can be used to collect the required information: https://chrome.google.com/webstore/search/rockstar. See the extension's guide site for details.
As soon as you have it installed in Chrome:
- Log in to Okta as an Administrator.
- Navigate to Directory > People.
#Screen 12 Rockstar People Directory
- Look for the “rockstar” popup window in the upper-left corner of your browser and select the option ‘Export Users’.
#Screen 13 Rockstar Export Users
- From the list of columns, select ‘User Id’, ‘Username’, ‘First name’, ‘Last name’ and ‘Primary Email’.
#Screen 14 Rockstar Columns to Export
- Expect ‘Username’ and ‘Primary Email’ to be equal.
- As a result you will get a *.csv report with the following columns:
  User Id;Username;First name;Last name;Primary email
- From it, keep only the users who must be added to the Epicflow system and have access to it via Okta.
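A conversion from the rockstar export above to the id;email;name;initials list requested in the Okta configuration steps, as an added Python example (not Epicflow's or the extension's own code). It keeps only the users who need access, flags rows where Username and Primary email differ, and derives initials from first and last name as a default, which is an assumption; the sample export is constructed.

```python
import csv
import io

# Columns of the rockstar "Export Users" report and of the list Epicflow asks for.
EXPORT_FIELDS = ["User Id", "Username", "First name", "Last name", "Primary email"]
EPICFLOW_FIELDS = ["id", "email", "name", "initials"]

def initials(first, last):
    """Default initials from first and last name (assumption; adjust by hand if needed)."""
    return "".join(p[0].upper() for p in (first.strip(), last.strip()) if p)

def convert(export_csv, wanted_emails):
    """Convert the rockstar export (semicolon separated) into id;email;name;initials.
    Keeps only users whose Primary email is in wanted_emails, drops duplicate ids,
    and returns (converted text, ids whose Username differs from Primary email)."""
    reader = csv.DictReader(io.StringIO(export_csv), delimiter=";")
    missing = [f for f in EXPORT_FIELDS if f not in (reader.fieldnames or [])]
    if missing:
        raise ValueError("export lacks columns: " + ", ".join(missing))
    wanted = {e.strip().lower() for e in wanted_emails}
    out = io.StringIO()
    writer = csv.writer(out, delimiter=";", lineterminator="\n")
    writer.writerow(EPICFLOW_FIELDS)
    mismatches, seen = [], set()
    for row in reader:
        uid = row["User Id"].strip()
        email = row["Primary email"].strip()
        if email.lower() not in wanted or uid in seen:
            continue
        seen.add(uid)
        if row["Username"].strip().lower() != email.lower():
            mismatches.append(uid)  # the guide expects these two columns to be equal
        first, last = row["First name"].strip(), row["Last name"].strip()
        writer.writerow([uid, email, " ".join(p for p in (first, last) if p),
                         initials(first, last)])
    return out.getvalue(), mismatches

# Constructed sample export; ids and addresses are made-up placeholders.
SAMPLE_EXPORT = """User Id;Username;First name;Last name;Primary email
00uPLACEHOLDER000001;jane.doe@example.com;Jane;Doe;jane.doe@example.com
00uPLACEHOLDER000002;old.login@example.com;Old;Login;new.login@example.com
00uPLACEHOLDER000003;no.access@example.com;No;Access;no.access@example.com
"""
```

Review the returned mismatch list before sending the file to Epicflow Support, since a Username that differs from the Primary email is exactly the case the guide says not to expect.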
After you have completed the Okta configuration from your end, please provide all necessary information to Epicflow Support by sending us an email at Support@epicflow.com. This will enable us to proceed with our work.