This article will walk you through the process of setting up Single Sign-On (SSO) login with Okta. This will enable your users to access Magentrix using their Okta credentials for a seamless login experience.

Requirements:
To enable SAML for the portal, you must have the following permissions:

• Administrator System Role

In your Okta Admin Console, go to Applications > Applications > Create App Integration
 

Include a name and optional logo for the application. If you prefer not to display the app on the User's Dashboard, select the "Do not display application icon to users" checkbox. Proceed by clicking on the "Next" button.
 

On the next steps, the configuration will be done side by side in Okta and Magentrix, as some Okta fields will depend on the information entered in your Portal.

In your Magentrix Portal Setup, go to Security > Single Sign-On > New
 

On the following screen, provide a name for your Single Sign-On (SSO) configuration. This name will be utilized in the subsequent steps during the Okta configuration.

Back on the Okta App configuration, fill-in the following fields:

Single sign-on URL: On this field, you will use the following address structure: https://YourMagentrixPortalURL.YourDomain.com/user/saml/SSO_Config_Name

For example: if your portal URL is partners.company.com and you set the SSO configuration name as "Okta," the URL to be utilized in this field will be https://partners.company.com/user/saml/okta.

Audience URI (SP Entity ID): On this field, add your Portal URL.
Example: https://partners.company.com
 

Click on Next.

Select one of the options and click on Finish.

After saving the Okta App configuration, please be aware that it may take up to 24 hours for all the fields and certificates to become available.

On the SAML 2.0 section, click on More Details
 

Copy from Okta to Magentrix the fields below:
 

On the Okta App configuration page, click on the General tab. Scroll down to the App Embed Link section. Copy the Embed Link URL and paste it in Magentrix in the Single Sign-On Service URL field.

In SAML Identity Type, select what type of identity you would like to use. By default, the “Assertion contains User’s Magentrix username”. Please note that the Magentrix username must be the same as used in Okta.

In your Okta App settings page, scroll down to SAML Signing Certificates. 

Click on Action > Download certificate

Go back to your Magentrix porta SSO settings page, and upload the file downloaded from Okta In the Identity Provider Certificate field.
 

The Login Button checkbox will add a “Login with Okta” button to the Magentrix login page. 

This button can be used to allow users to log in from the Magentrix Login Page using the Okta credentials (SP Initiated login).
 

Select the request method in Service Provider Initiated Request Binding. This must be the same selected in Okta. HTTP POST is usually set as default in both, Magentrix and Okta.
 

It is possible to assign an SSO configuration to a specific Custom Hub. For this, select the Custom Hub in Associate with a Custom Hub.

You can find information related to Just-in-time User Provisioning in the documentation below:
Required SAML Attributes for Just-In-Time Provisioning.

Click on Save & Close.

Prior to logging in, it is necessary to assign the Magentrix App created in Okta to the group of users who will be using Magentrix. Instructions for assigning a single app to groups can be found in the Okta documentation below.
Assign a single app to groups

The configuration is complete, and users should now be able to log in to Magentrix using their Okta credentials.