Okta Single Sign-On

You can integrate your SAML2 Single Sign-On (SSO) with the Fonolo Portal using Okta. This guide will walk you through setting up the Fonolo SSO.

Add Fonolo as an App

  1. Log in to Okta as an administrator.
  2. On the Okta sidebar dashboard, go to Applications > Applications.
  3. Select Create App Integration. The Create a New App Integration dialog opens.
  4. Select SAML 2.0 as the Sign on method.
  5. Select Next. The Edit SAML Integration page opens.

General Settings

  1. Enter an appropriate name in the App name field.
    1. (Optional) Add an icon as the App logo. You can save the following image to use as the icon:
  2. Select Next to continue. The Configure SAML tab opens.

Configure SAML

  1. Enter the SAML settings exactly as follows. Fields that are not shown can be left as default:
    Field Name | Value
    Single sign on URL | https://portal.fonolo.com/saml
    Use this for Recipient URL and Destination URL | ✓ (checked)
    Audience URI (SP Entity ID) | https://portal.fonolo.com/saml/metadata
    Default RelayState | (leave blank)
    Name ID format | EmailAddress
    Application username | Email
    Update application username on | Create and update
  2. Select Advanced Settings to continue the configuration.
  3. Enter the Advanced Settings exactly as follows. Fields that are not shown can be left as default:
    Field | Value
    Response | Signed
    Assertion Signature | Signed
    Signature Algorithm | RSA-SHA256
    Digest Algorithm | SHA256
    Assertion Encryption | Unencrypted
    Authentication Context Class | X.509 Certificate
    Honor Force Authentication | Yes
    SAML Issuer ID | http://www.okta.com/$(org.externalKey)
  4. Continue to the Attribute Statements section.

Attribute Statements

The Attribute Statements section lets us match Okta user profile field values to SAML attributes.

  1. Enter the attribute statements exactly as follows:
    Name | Name Format | Value
    FirstName | Unspecified | user.firstName
    LastName | Unspecified | user.lastName
    Email | Unspecified | user.email
    FonoloRole | Unspecified | user.FonoloRole
  2. Select Next to continue. The Feedback tab opens.

Feedback tab

  1. Select the appropriate response to Are you a customer or partner?.
  2. Select Finish. The Fonolo app is now set up in Okta.

Sign On Methods

Now that the Fonolo app has been created, you must get the URLs and certificate that are used to finish the SSO integration on the Fonolo side.

  1. In the Sign On tab of the Fonolo app in Okta, select View Setup Instructions. The How to Configure SAML 2.0 for the Application dialog opens.
  2. Copy the Identity Provider Single Sign-On URL and the Identity Provider Issuer URL to a safe place for use later in setting up SSO in the Fonolo Portal.
  3. Select Download certificate and save the certificate file to a safe place for use later in setting up SSO in the Fonolo Portal.
  4. Go to the Assignments tab of the Fonolo app in Okta to continue.

Assignments

In the Assignments tab, you must assign the Fonolo app to other Okta portal users so that they have SSO access to the Fonolo Portal.

  1. Select Assign > Assign to People. The Assign App to People dialog opens.
  2. Choose the users to be given SSO access by selecting the corresponding Assign button.
  3. Select Done to close the dialog.

Add Attributes

Next, you must define the fields that exist within the Okta user profiles for Fonolo.

  1. Go to Directory > Profile Editor.
  2. Select the profile of the new Fonolo app. The Profile Editor opens.
  3. Select the Fonolo user.
  4. Select Add Attribute. The Add Attribute dialog opens.

Fonolo uses a unique field, called Fonolo Role, to determine the role and permissions of a user in the Fonolo Portal.

FonoloRole Attribute

  1. Enter the attribute exactly as follows. Fields that are not specified can be left as default:
    Field | Value
    Data type | string
    Display name | FonoloRole
    Variable name | FonoloRole
    Description | The user role in the Fonolo Portal.
    Enum | ✓ (checked)
    Attribute members | (see the following table for values)

    The following table shows the required values for the Attribute members field when setting up the FonoloRole attribute:

    Display name | Value
    StatsOnly | StatsOnly
    StandardUser | StandardUser
    AccountManager | AccountManager

  2. Save the attribute and then select Add Attribute.

FirstName Attribute

  1. Enter the attribute exactly as follows. Fields that are not specified can be left as default:
    Field | Value
    Data type | string
    Display name | FirstName
    Variable name | FirstName
    Description | First Name
  2. Save the attribute and then select Add Attribute.

LastName Attribute

  1. Enter the attribute exactly as follows. Fields that are not specified can be left as default:
    Field | Value
    Data type | string
    Display name | LastName
    Variable name | LastName
    Description | Last Name
  2. Save the attribute and then select Add Attribute.

Email Attribute

  1. Enter the attribute exactly as follows. Fields that are not specified can be left as default:
    Field | Value
    Data type | string
    Display name | Email
    Variable name | Email
    Description | Email
  2. Save the attribute and then select Map Attributes to continue. The User Profile Mappings window opens.
  3. Go to the Okta to Fonolo tab.
  4. Select the Okta fields that you defined when setting up the Fonolo app and map them to the appropriate Fonolo User Profile fields using the Apply mapping on user create and update transfer option.
  5. Select Save Mappings and then Apply updates now.

Set Up the Fonolo Portal

Next, you must configure the Fonolo Portal for SSO.

  1. Log in to the Fonolo Portal as a user with the Account Manager role.
  2. Go to Admin > Settings > Security > Single Sign-On.
  3. Select Add Single Sign-On Profile. The Update SSO Profile dialog opens.
  4. Set up the SSO profile:
    1. Enter a name for the SSO Profile in SSO Label. This name will be used within the Fonolo Portal.
    2. Paste the Identity Provider Issuer URL that was saved in the Okta Portal into Issuer URL.
    3. Paste the Identity Provider Single Sign-On URL that was saved into SAML Endpoint.
    4. Select Browse next to the IdP Certificate field and select the X.509 Certificate that was downloaded. The certificate uploads and processes automatically.
    5. In Request Binding, select HTTP Redirect.
    6. In Email Domains, enter the domains of the corporate email addresses your users will use to sign in. Do not enter webmail domains (gmail, hotmail, yahoo).
    7. Make sure that the Account Creation and Account Update check boxes are selected. This lets you generate and update Fonolo Portal user accounts during SSO login.

    Required Attributes can be left with the default settings unless further customization is needed.

  5. Select Save Profile. The SSO setup is now complete.

Test the Login

To test out the new SSO connectivity:

  1. Log in as a new user in the OneLogin Portal that you have added the Fonolo app to.
  2. Select the Fonolo Portal Login app. The Fonolo Portal opens, with the user logged in with the role given in the OneLogin Portal.
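
If the test login fails, a decoded SAML response captured from your own test login can be checked against the values entered in this guide. The following is an added example, not Fonolo or Okta code: lint_response and SAMPLE are hypothetical names, SAMPLE is a constructed skeleton rather than a real Okta capture, and the check covers structure only (it does not verify signatures).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS = "https://portal.fonolo.com/saml"                 # Single sign on URL
AUDIENCE = "https://portal.fonolo.com/saml/metadata"   # Audience URI
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ROLES = {"StatsOnly", "StandardUser", "AccountManager"}
REQUIRED = {"FirstName", "LastName", "Email", "FonoloRole"}

def lint_response(xml_text):
    """List deviations from this guide's settings. Structure only: no signature verification."""
    root = ET.fromstring(xml_text)   # only feed this a response captured from your own tenant
    problems = [] if root.get("Destination") == ACS else ["Destination is not the Fonolo SSO URL"]
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion found"]
    for label, node in (("Response", root), ("Assertion", assertion)):
        info = node.find("ds:Signature/ds:SignedInfo", NS)   # direct child signature only
        if info is None:
            problems.append(f"{label} is not signed")
            continue
        algs = [info.find(p, NS) for p in ("ds:SignatureMethod", "ds:Reference/ds:DigestMethod")]
        if [a is not None and a.get("Algorithm") for a in algs] != [RSA_SHA256, SHA256]:
            problems.append(f"{label} does not use RSA-SHA256 with a SHA256 digest")
    if [e.text for e in assertion.iterfind(".//a:Audience", NS)] != [AUDIENCE]:
        problems.append("Audience does not match the Fonolo audience URI")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL:
        problems.append("NameID format is not EmailAddress")
    attrs = {a.get("Name"): [v.text for v in a.findall("a:AttributeValue", NS)]
             for a in assertion.iterfind("a:AttributeStatement/a:Attribute", NS)}
    problems += [f"attribute {n} is missing" for n in sorted(REQUIRED - set(attrs))]
    role = attrs.get("FonoloRole")
    if role is not None and (len(role) != 1 or role[0] not in ROLES):
        problems.append(f"FonoloRole {role} is not one of the enum values")
    return problems

# Constructed response skeleton for the demo (not a real Okta capture; signature values omitted).
_SIG = (f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/><ds:Reference>'
        f'<ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature>')
_ATTRS = "".join(f'<a:Attribute Name="{n}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>' for n, v in
                 (("FirstName", "Ada"), ("LastName", "Ng"), ("Email", "ada@example.com"), ("FonoloRole", "StandardUser")))
SAMPLE = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" xmlns:ds="{NS["ds"]}" Destination="{ACS}">'
          f'{_SIG}<a:Assertion>{_SIG}<a:Subject><a:NameID Format="{EMAIL}">ada@example.com</a:NameID>'
          f'</a:Subject><a:Conditions><a:AudienceRestriction><a:Audience>{AUDIENCE}</a:Audience>'
          f'</a:AudienceRestriction></a:Conditions><a:AttributeStatement>{_ATTRS}</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list from lint_response(SAMPLE) means the response matches the Configure SAML, Advanced Settings and Attribute Statements values above.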
