Skip to main content

Single Sign-On: Configuring Omnilert to work with Okta

Omnilert Support
Updated

Omnilert's Shibboleth/SAML connector can provide your subscribers with a simple, unified way to log into the Omnilert Subscriber Portal.

Omnilert can be configured to allow single sign-on using Okta's unified account management/access products (see www.okta.com) via Omnilert's Shibboleth / SAML connector.*

Once configured, you can assign Omnilert access through OneLogin using Okta's app management features. (Please see Okta support for details on granting your SSO user accounts access to apps like Omnilert.)

This setup will allow Subscribers to access Omnilert using Okta login credentials. This guide will walk you through the process of adding and configuring Okta for use with Omnilert.

 

 

Step 1: Get the Omnilert SAML Connector

This setup requires Omnilert's Shibboleth/SAML connector.

If the Settings > Single Sign-On > Shibboleth / SAML menu is not present in your account, please contact your account manager to have Shibboleth/SAML added to the account.

If you have this feature already, skip to step 2!

 

 

Step 2: Download Okta Metadata and send it to Omnilert

This setup will require your Okta system's "metadata" to be imported by Omnilert's team.

Sign into your Okta administrative account and download your Okta metadata.

For detailed instructions from Okta on this entire setup process, please see https://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Omnilert.html  

Send the Okta metadata file to your Omnilert account manager and/or support@omnilert.com 

(Omnilert will import the Okta metadata for you and let you know when ready. Please allow up to two business days for that import to occur.)

 

 

Step 3: Configure Omnilert's "Entity ID" and "Logout Redirect" URLs

In Settings > Single Sign-On > Shibboleth/SAML configuration, enter the "Entity ID" and "Logout URL" values provided by Okta

(Note, you will need to log into Okta to retrieve this information.)

Once entered, click Update settings and Omnilert will create the "Shibboleth page link" and "Check attributes link" values automatically.

 

Step 4: Set up Okta's app for Omnilert

In Okta, select the Sign On tab for the Omnilert app, then click Edit.

  • Default Relay State: Enter  https://shibboleth.omnilert.net/shibboleth-sp

  • Click Save.

 

omnilert3.png

 

That's it. 

The setup is complete.

 

Logging into Omnilert via Okta

Once complete, your subscribers will log into Omnilert by using the "Shibboleth page link". That URL is provided in the Settings > Single Sign-On > Shibboleth/SAML configuration. 

Simply share that URL out to your subscribers, as a link on your website, a graphical link, a tweet, a menu item in your web portal, etc. When someone clicks that link, they're taken into Omnilert's subscriber portal via the Okta login system.

 

(Optional) Allowing Admin Logins via Okta SSO

By default, Omnilert's SSO setup allows subscribers to log in via Okta. (Admins would not use SSO.)

However, there is an option to allow admins to use SSO for logins. (See Single Sign-On: Admin logins via Shibboleth/SAML). 

Allowing admins to log in via SSO will require the release of an additional SAML attribute from Okta called omnilertMail which is used to pass the user's email address from Okta in the SAML assertion for Omnilert.

To release this special attribute, you'll need to expand the "Attributes (Optional)" section in Okta's settings and then add an attribute named omnilertMail in Basic format and link it to the user.email value as shown below:

Please note: The name of the new attribute is case-sensitive. It must be omnilertMail. (It must be mixed case as shown, and not all caps or all lower-case.)

 

Then, be sure that your Omnilert admins' username, first name, last name, and email address match the values that will be passed to Omnilert by Okta. 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk