Single Sign On with Okta using SAML

Single Sign On is a mechanism where a single login provides access to multiple services, including GpsGate Server. One of its main benefits is that it reduces the number of passwords you need to remember; it also decreases the time spent logging in to various services.

Installation

The plugin name SAML refers to the Security Assertion Markup Language standard, which defines a framework for exchanging security information between online business partners.

1. Log in to Site Admin and navigate to the Plugins tab.
2. In the repository update.gpsgate.com, install the Saml plugin.

Setup

The setup comprises the following steps:

A. Site Admin setup

B. Choose an identity provider (OKTA and ADFS)

A. Site Admin Setup

1. Click on the Saml menu in the Applications tab in Site Admin.

2. Click on the Add button and select an application for single sign-on from the drop-down list.
Do not click the Create button yet, because we will get back to this step later.

At this point you need to choose an Identity Provider that provides an endpoint for SSO and supports the SAML 2.0 protocol. In this example we will show you how to use OKTA and ADFS as identity providers.

B. OKTA and ADFS setup

ADFS Setup

Once obtained, set the SAML Metadata URL for your ADFS server. It should be something like:

https://youradfsserver.com/federationmetadata/2007-06/federationmetadata.xml

If your federation metadata file does not provide a valid HTTP-Redirect URL, you can override it by inserting a custom URL in the ‘Override HTTP-Redirect URL’ field.

Click the Create button.

GpsGate will download the metadata in the background and pair your GpsGate application with the ADFS server.

Now you have configured the SSO.

When you visit the Single Sign On URL associated with your application, you will be automatically logged in to GpsGate if you are already logged in to ADFS.
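
The ‘Override HTTP-Redirect URL’ field mentioned above is only needed when the metadata lacks a usable HTTP-Redirect endpoint. The following added example (not GpsGate code) checks a metadata document for one before you paste its URL into Site Admin. The sample metadata and host names are constructed, and treating only https locations as valid is an assumption of this example.

```python
# Added example (not GpsGate code): pre-check IdP metadata for a usable
# HTTP-Redirect SSO endpoint before pasting the Metadata URL into Site Admin.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def redirect_sso_urls(metadata_xml: str) -> list[str]:
    """Return the HTTPS HTTP-Redirect SingleSignOnService locations."""
    # Metadata is remote input: refuse DTDs so entity tricks are never parsed.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(metadata_xml)
    urls = []
    for sso in root.iter(f"{MD}SingleSignOnService"):
        if sso.get("Binding") != REDIRECT:
            continue  # e.g. HTTP-POST endpoints are not what the field overrides
        loc = sso.get("Location", "")
        parts = urlparse(loc)
        # Assumption of this example: "valid" means https with a host name.
        if parts.scheme == "https" and parts.hostname:
            urls.append(loc)
    return urls

def needs_override(metadata_xml: str) -> bool:
    """True when no valid HTTP-Redirect URL is present (use the override field)."""
    return not redirect_sso_urls(metadata_xml)

# Constructed sample metadata (hypothetical hosts), not from a real IdP.
GOOD = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/sso/post"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso/redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
POST_ONLY = GOOD.replace("HTTP-Redirect", "HTTP-POST")
PLAIN_HTTP = GOOD.replace("https://idp.example.test/sso/redirect",
                          "http://idp.example.test/sso/redirect")

if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("post-only", POST_ONLY), ("plain-http", PLAIN_HTTP)]:
        print(name, redirect_sso_urls(doc), "override needed:", needs_override(doc))
```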

OKTA Setup

Once you have the Metadata URL from the OKTA setup, paste it and click the Create button.

GpsGate will download the metadata in the background and pair your GpsGate application with the OKTA App.

Congratulations! You have successfully configured the SSO.

When you visit the Single Sign On URL associated with your application, you will be automatically logged in to GpsGate if you are already logged in to OKTA.

Note: it is possible to sign in to OKTA using Active Directory to make the login more convenient.