This guide sets up Okta SAML 2.0 authentication so that users can log in to your ovice account with their Okta identity.
If you have already set up SAML authentication for multiple spaces in a hierarchical structure (building), please refer to the following:
SAML authentication settings for a hierarchical structure (building)
Advance Preparation
1. Make sure you have the necessary permissions to set it up
- okta admin privileges
- ovice admin privileges
2. Click the three dots in the space header and select the "Space" tab.
*If you are not the organization owner, there is no need to select a tab.
3. Go to "Space Settings" → "Space Access Settings" → "Member Whitelist Rules" and click "Email Account Authentication"
4. Select the "SSO" tab
5. Click the + button next to "SAML Authentication Setup"
6. Enter any name in the IdP name field.
This name will appear on the space URL login screen.
7. Enter "." (or an appropriate string) for Entity ID, IdP Login URL, and IdP x509 cert.
*The correct input values will be set later.
8. Enter the space URL (https://app.ovice.com/ws/◯◯/) as the IdP logout URL
9. Select the redirect destination
Select the screen each user will be redirected to after logging in.
Redirect destination | Description |
---|---|
space | Redirect into the space |
lobby | Redirect to the lobby screen (space list) |
10. Click "Save"
11. Click on the SAML settings you saved
Leave the ovice settings screen open in this state; you will copy values from it in the next section.
Setting up Okta
1. Log in to Okta (the IdP) with administrator privileges
2. Click "Applications" on the sidebar
3. Click "Create App Integration"
4. Select "SAML 2.0" and click "Next"
5. Enter any app name in "App name" and click "Next"
*As an option, you can also change the app's logo image.
6. Copy the items displayed on the ovice screen you prepared in advance and paste them into the corresponding fields on the Okta side.
ovice setting screen (copy source) | okta settings screen (paste destination) |
---|---|
Identifier | Audience URI (SP Entity ID) |
Reply URL | Single sign-on URL |
7. Scroll down the screen and click the "Next" button.
8. For "Are you a customer or partner?", select the appropriate item and click "Finish"
9. Select "Applications" from the sidebar and click "Assign to Users" from the ▼ menu of the app you created.
10. Click "Assign" next to the user
11. Click "Save and Go Back" and confirm that the display next to the user has changed to "Assigned".
12. Click the app you created in the "Applications" section on the sidebar.
13. Select the "General" tab and click "Edit" under "SAML settings".
14. Click "Next"
15. Add the following two items to "Attribute Statements (optional)"
Name field | Value item |
---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
16. Click "Next" → "Finish"
17. Select the "Sign On" tab and click "View Setup Instructions"
Leave the Okta settings screen open while "How to Configure SAML 2.0 for XX" is displayed; its values are copied to ovice in the next section.
ovice Settings
1. Click "Edit" for the SAML created on the ovice side in Advance Preparation
2. Copy each item from the screen opened in step 17 of the Okta settings and paste it into the corresponding ovice field.
okta settings screen (source) | ovice setting screen (paste destination) |
---|---|
Identity Provider Single Sign-On URL | IdP Login URL |
Identity Provider Issuer | Entity ID |
X.509 Certificate | IdP x509 cert |
*In the image above, the ovice setting screen is on the left and the okta setting screen is on the right.
3. Click "Save"
[Optional] How to add SAML authentication to permission settings
By combining the publishing settings with the Space Access Settings, you can restrict access to the space to users who have authenticated with SAML.
4. Scroll down the screen and tick the checkbox for the SAML authentication settings you created under "Activate SSO authentication".
5. Click "Save"
Log in using Okta
Please refer to the following and try logging in.
Log in with the space's own SSO (SAML authentication, etc.)
If you fail to log in using Okta
Please check the following:
- When logging in with SAML authentication, I get a 500 error
  - Make sure that each item in the app you created (assertion information, etc.) is set correctly.
  - Make sure the user is assigned correctly in the Users and Groups settings.
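Most login failures in this setup come down to a mismatch between what Okta puts in the assertion and what was entered on the ovice side (the Identifier/Audience and Entity ID/Issuer pairs copied in the two tables above, and the two Attribute Statements added in step 15). The following Python script is an added example, not part of ovice's or Okta's own tooling: given a decoded SAML Response (for instance one captured with a browser SAML tracer during a failed login) and the Issuer and Audience values configured on the ovice side, it reports which of those fields disagree and whether the givenname and emailaddress attributes are present. The embedded response, its issuer and audience URLs, and the user values are constructed placeholders.

```python
"""Sanity-check a SAML Response against the values configured on the ovice side.

Added example (not ovice's or Okta's own code). It assumes the two attribute
names added in Okta's "Attribute Statements" step and takes the expected
Issuer (the ovice "Entity ID") and Audience (the ovice "Identifier") as
arguments. The SAML Response below is constructed for illustration; its
issuer, audience and user values are placeholders, not real tenant values.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# The two claims ovice expects, as added to Okta's Attribute Statements.
REQUIRED_ATTRIBUTES = (
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
)


def _parse_saml_time(value):
    # SAML timestamps are ISO 8601 in UTC with a trailing "Z".
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, expected_issuer, expected_audience, now=None):
    """Return {'problems': [...], 'attributes': {...}}.

    An empty 'problems' list means Issuer, Audience, validity window and the
    required attributes all agree with the ovice-side configuration. This
    checks field mapping only; signature validation is done by the SP.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"problems": ["no Assertion element in Response"], "attributes": {}}

    problems = []

    # Okta's "Identity Provider Issuer" must equal the ovice "Entity ID".
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer {issuer!r} != ovice Entity ID {expected_issuer!r}")

    # Okta's "Audience URI (SP Entity ID)" must equal the ovice "Identifier".
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience",
        default="", namespaces=NS).strip()
    if audience != expected_audience:
        problems.append(f"Audience {audience!r} != ovice Identifier {expected_audience!r}")

    # A clock skew between IdP and SP shows up here as an expired assertion.
    conditions = assertion.find("saml:Conditions", NS)
    if conditions is not None:
        not_before = conditions.get("NotBefore")
        not_on_or_after = conditions.get("NotOnOrAfter")
        if not_before and now < _parse_saml_time(not_before):
            problems.append("assertion not yet valid (NotBefore in the future)")
        if not_on_or_after and now >= _parse_saml_time(not_on_or_after):
            problems.append("assertion expired (NotOnOrAfter has passed)")

    # Collect every attribute, then confirm the two ovice needs are non-empty.
    attributes = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attributes[attr.get("Name")] = values
    for name in REQUIRED_ATTRIBUTES:
        if not attributes.get(name) or not attributes[name][0].strip():
            problems.append(f"missing or empty attribute {name}")

    return {"problems": problems, "attributes": attributes}


# Constructed sample response; URLs and user data are placeholders.
SAMPLE_ISSUER = "http://www.okta.com/PLACEHOLDER_ISSUER"
SAMPLE_AUDIENCE = "https://app.ovice.com/PLACEHOLDER_IDENTIFIER"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0"
    IssueInstant="2024-05-01T09:00:00Z">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T09:00:00Z">
    <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T08:55:00Z" NotOnOrAfter="2024-05-01T09:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SAMPLE_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{REQUIRED_ATTRIBUTES[0]}">
        <saml:AttributeValue>Taro</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="{REQUIRED_ATTRIBUTES[1]}">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    at = datetime(2024, 5, 1, 9, 0, tzinfo=timezone.utc)
    print(check_saml_response(SAMPLE_RESPONSE, SAMPLE_ISSUER, SAMPLE_AUDIENCE, now=at))
    # Same response checked against a mistyped Identifier on the ovice side:
    print(check_saml_response(SAMPLE_RESPONSE, SAMPLE_ISSUER, "https://app.ovice.com/typo", now=at))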
Set up common SAML authentication for spaces in a hierarchical structure (building)
If you want to reuse the SAML authentication you set up in other spaces of the building, you need to reference it from the new space you are setting up. See below for how to set this up.
Inheritance Settings