Omnilert's Shibboleth/SAML connector can provide your subscribers with a simple, unified way to log into the Omnilert Subscriber Portal.
Omnilert can be configured to allow single sign-on using Okta's unified account management/access products (see www.okta.com) via Omnilert's Shibboleth / SAML connector.
Once configured, you can assign Omnilert access through OneLogin using Okta's app management features. (Please see Okta support for details on granting your SSO user accounts access to apps like Omnilert.)
This setup will allow Subscribers to access Omnilert using Okta login credentials. This guide will walk you through the process of adding and configuring Okta for use with Omnilert.
Step 1: Get the Omnilert SAML Connector
This setup requires Omnilert's Shibboleth/SAML connector.
If the Settings > Single Sign-On > Shibboleth / SAML menu is not present in your account, please contact your account manager to have Shibboleth/SAML added to the account.
If you have this feature already, skip to step 2!
Step 2: Download Okta Metadata and send it to Omnilert
This setup will require your Okta system's "metadata" to be imported by Omnilert's team.
Sign into your Okta administrative account and download your Okta metadata.
For detailed instructions from Okta on this entire setup process, please see https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Omnilert.html
Send the Okta metadata file to your Omnilert account manager and/or support@omnilert.com.
(Omnilert will import the Okta metadata for you and let you know when ready. Please allow up to two business days for that import to occur.)
Step 3: Configure Omnilert's "Entity ID" and "Logout Redirect" URLs
In Settings > Single Sign-On > Shibboleth/SAML configuration, enter the "Entity ID" and "Logout URL" values provided by Okta.
(Note, you will need to log into Okta to retrieve this information.)
Once entered, click Update settings and Omnilert will create the "Shibboleth page link" and "Check attributes link" values automatically.
Step 4: Set up Okta's app for Omnilert
In Okta, select the Sign On tab for the Omnilert app, then click Edit.
- Default Relay State: Enter https://shibboleth.omnilert.net/shibboleth-sp
Click Save.
That's it.
The setup is complete.
Logging into Omnilert via Okta
Once complete, your subscribers will log into Omnilert by using the "Shibboleth page link". That URL is provided in the Settings > Single Sign-On > Shibboleth/SAML configuration.
Simply share that URL out to your subscribers, as a link on your website, a graphical link, a tweet, a menu item in your web portal, etc. When someone clicks that link, they're taken into Omnilert's subscriber portal via the Okta login system.
(Optional) Allowing Admin Logins via Okta SSO
By default, Omnilert's SSO setup allows subscribers to log in via Okta. (Admins would not use SSO.)
However, there is an option to allow admins to use SSO for logins. (See Single Sign-On: Admin logins via Shibboleth/SAML).
Allowing admins to log in via SSO will require the release of an additional SAML attribute from Okta called omnilertMail which is used to pass the user's email address from Okta in the SAML assertion for Omnilert.
To release this special attribute, you'll need to expand the "Attributes (Optional)" section in Okta's settings and then add an attribute named omnilertMail in Basic format and link it to the user.email value.
Please note: The name of the new attribute is case-sensitive. It must be omnilertMail. (It must be mixed case as shown, and not all caps or all lower-case.)
Then, be sure that your Omnilert admins' username, first name, last name, and email address match the values that will be passed to Omnilert by Okta.
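A check for the omnilertMail release described above, as an added example (not Omnilert's or Okta's code): it parses a decoded SAML assertion and reports a wrong-case attribute name, a name format other than Basic, or a value that differs from the admin's email. The sample assertions are constructed and unsigned, the function and helper names are hypothetical, and the exact-match email comparison is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASIC_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
REQUIRED_NAME = "omnilertMail"  # case-sensitive, per the guide


def check_omnilert_mail(assertion_xml, expected_email=None):
    """Return a list of problems; an empty list means the attribute looks right.

    Inspects attribute release only. It does not verify the assertion signature.
    """
    root = ET.fromstring(assertion_xml)
    attrs = root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS)
    exact = [a for a in attrs if a.get("Name") == REQUIRED_NAME]
    if not exact:
        # Distinguish "released under the wrong case" from "not released at all".
        near = [a.get("Name") for a in attrs
                if (a.get("Name") or "").lower() == REQUIRED_NAME.lower()]
        if near:
            return [f"attribute released as {near[0]!r}; name must be exactly {REQUIRED_NAME!r}"]
        return [f"no {REQUIRED_NAME!r} attribute in the assertion"]
    problems = []
    attr = exact[0]
    if attr.get("NameFormat") != BASIC_FORMAT:
        problems.append(f"NameFormat is {attr.get('NameFormat')!r}, expected Basic")
    values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", SAML_NS)]
    values = [v for v in values if v]
    if len(values) != 1:
        problems.append(f"expected one value, found {len(values)}")
    elif expected_email and values[0] != expected_email:  # assumption: exact match
        problems.append(f"value {values[0]!r} does not match admin email {expected_email!r}")
    return problems


def _sample(name, fmt=BASIC_FORMAT, value="admin@example.edu"):
    # Constructed, unsigned assertion fragment for illustration only.
    return ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<saml:AttributeStatement>'
            f'<saml:Attribute Name="{name}" NameFormat="{fmt}">'
            f'<saml:AttributeValue>{value}</saml:AttributeValue>'
            '</saml:Attribute></saml:AttributeStatement></saml:Assertion>')


GOOD = _sample("omnilertMail")
WRONG_CASE = _sample("OmnilertMail")
WRONG_FORMAT = _sample("omnilertMail", fmt="urn:oasis:names:tc:SAML:2.0:attrname-format:uri")

if __name__ == "__main__":
    for label, doc in [("good", GOOD), ("wrong case", WRONG_CASE), ("wrong format", WRONG_FORMAT)]:
        print(label, check_omnilert_mail(doc, "admin@example.edu") or "OK")
```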