Configuring Okta for SAML and Single Sign On (SSO)

Observe supports Okta as a SAML identity provider (IdP). The following features are supported:

  • Identity Provider (IdP)-initiated SSO

  • Service Provider-initiated SSO

  • Just-In-Time Provisioning

Note

Use of stem names instead of Observe Customer IDs is not supported at this time.

Configuring Okta for SAML

  1. Log in to Okta as the admin and go to the Admin page.

  2. Navigate to Applications > Applications > Browse App Catalog.

  3. Enter Observe into the App Catalog search field and choose Observe.

Figure 1 - Settings

  4. Select Observe from the list of apps, and click Add.

Figure 2 - Okta Settings

  5. Enter your Observe customer ID as the Subdomain.

  6. Select Do not display application icon in the Okta mobile app.

  7. Add users and groups to Okta.

  8. Click View Setup Instructions. Copy the text of the SAML certificate.

Figure 3 - Settings

Group Membership Attributes

Observe supports receiving group membership claims via SAML. In the Sign On configuration area of the Observe app for Okta, expand Attributes (optional), select Group Attribute Statements (optional), and type groups in the Name field. The name is case sensitive.

Figure 4 - Okta Group Attributes Settings
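
To confirm that the group attribute statement arrives under the exact name groups, the following added example (not from the Observe or Okta documentation) decodes a base64 SAMLResponse value and reports the group values or a case mismatch. The function names and the sample response are constructed for illustration, and the check assumes an unencrypted assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED = "groups"  # attribute name from this page; matching is case sensitive


def check_group_attribute(saml_response_b64):
    """Return (groups, problems) for a base64 SAMLResponse POST value.

    Inspection aid only: it does not verify the signature or conditions.
    """
    xml_text = base64.b64decode(saml_response_b64).decode("utf-8")
    # A SAML response never needs a DTD; refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD or entity declaration")
    root = ET.fromstring(xml_text)
    groups, problems, exact_seen = [], [], False
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        if name == EXPECTED:
            exact_seen = True
            groups += [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS)
                       if v.text and v.text.strip()]
        elif name.lower() == EXPECTED:
            problems.append(f"attribute {name!r} matches {EXPECTED!r} only if case is ignored")
    if exact_seen and not groups:
        problems.append(f"{EXPECTED!r} attribute is present but has no values")
    elif not exact_seen and not problems:
        problems.append(f"no {EXPECTED!r} attribute in the assertion")
    return groups, problems


def build_sample(attr_name, values):
    """Constructed, unsigned sample response (not captured from a real IdP)."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    xml_text = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
        f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">{vals}'
        "</saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml_text.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    for name in ("groups", "Groups"):
        print(name, check_group_attribute(build_sample(name, ["sre", "security"])))
```
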

Configuring Observe

  1. Navigate to https://${OBSERVE_CUSTOMER_ID}.observeinc.com/settings/customer.

Figure 5 - Observe Settings

  2. Locate Add SAML on the page.

  3. Enter https://${OKTA_DOMAIN}/app/observeinc/uid/sso/saml as the Entry Point. The Okta domain is typically ${OKTA_ORG}.okta.com, unless your organization uses a custom domain.

  4. Paste your Okta certificate into the Cert field.

  5. Click Add SAML Provider to finish the configuration.