In this onboarding chapter we will go over the process on how to setup a new customer in Okta and make sure they can authenticate in Zapfloor. We will explain how to gather the correct information from a client and how to set it up correctly.
Some information
Both IdP and SP initiated authentication flows rely upon assertions that are passed between the user’s browser and URLs that are specifically created to handle SAML traffic (known as endpoints). These assertions are in XML format and contain information that verifies who the identity provider is, who the user is, and whether the user should have access to the SP. At a basic level, a successful SP-initiated SAML flow occurs as follows:
The onboarding consists of following steps:
-
CUSTOMER: Gathering info, do you have their own IdP?
-
Zapfloor: Creating a Okta group
-
Zapfloor: Creating identity provider in Okta
-
Zapfloor: Creating application in Okta
-
Zapfloor: Creating config in Zapfloor
-
Zapfloor: Setting up IdP discovery rules
-
Zapfloor: Testing the connection
1. Required information to start
The following information need to be send to zapfloor:
- Create a enterprise application in Entra
https://help.okta.com/en-us/content/topics/provisioning/azure/azure-create-enterprise-app.htm - The metadata of the IdP (an xml file)
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp
-
Name: A descriptive name of the external IdP, this is never visible for any user (just for zapfloor)
-
IdP username: By default SAML2.0 includes a field called NameID, which is usually the username from the user. Let zapfloor know if this is different.
-
IdP issuer uri: Available in the metadata (look for EntityId)
-
IdP Single-Sign-On URL: Available in the metadata (ACS url)
-
IdP Signature Certificate: Available in the metadata (point 1) or please provide separately
2. Test account
To be able to setup and test the integration, we ask to create an licensed user account which can be used as test account. For example: test_zapfloor@companyname.com.