Okta SSO Setup

Updated by Sean Welch

Parameters Needed

Criteria Provided Parameters:
  1. Entity ID (Audience URI)
    1. urn:amazon:cognito:sp:us-east-1_tkdHRnjPD
  2. Assertion Consumer Service URL
    1. https://hireselect.auth.us-east-1.amazoncognito.com/saml2/idpresponse
  3. First-Time Sign-On URL/Bookmark
    1. Once SSO is soft-enabled, the Criteria CSM provides the customer with the following link, which includes their unique company account ID. The customer must log in via this link and not through their service provider:
    2. https://hireselect.criteriacorp.com/?companyAccountId=<companyAccountId>
  4. Our Required SAML Attributes
    1. First Name
    2. Last Name
    3. Email Address
  5. Optional Recommended SAML Attributes
    1. Job Title
    2. IdP Immutable Globally Unique Identifier (varies by IdP)
Customer Provided Parameters:
  1. Federation Metadata Document endpoint URL (can also be an XML document, but a URL is preferred)
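When a sign-on fails after setup, the quickest way to tell whether the IdP is sending what the service provider above expects is to decode the SAMLResponse the browser posts to the ACS URL and compare it with these parameters. The following is an added example, not Criteria's or Okta's code: it checks a SAML response's Destination, Audience, Recipient, expiry and required attribute names against the values listed above. The sample response embedded in it is constructed (the Okta Issuer value is a placeholder), and it deliberately omits the last-name attribute so the check reports something. Signature verification is intentionally left out, since Cognito performs that against the certificate in the IdP metadata; for parsing untrusted XML in production, use defusedxml rather than xml.etree.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Service-provider parameters from this setup page.
SP_ENTITY_ID = "urn:amazon:cognito:sp:us-east-1_tkdHRnjPD"
ACS_URL = "https://hireselect.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED_ATTRS = {CLAIMS + "emailaddress", CLAIMS + "firstname", CLAIMS + "lastname"}


def decode_saml_response(form_value):
    """Decode the base64 SAMLResponse POST field (copied from browser dev tools) to XML text."""
    return base64.b64decode(form_value).decode("utf-8")


def _parse_ts(ts):
    """Parse a SAML UTC timestamp such as 2024-05-01T12:00:00Z into an aware datetime."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def check_saml_response(xml_text, now_iso=None):
    """Return a list of mismatches against the SP parameters; an empty list means all checks passed.

    Covers the usual causes of a rejected assertion: wrong audience, wrong ACS
    URL, an expired assertion (clock skew) and missing required attributes.
    """
    now = _parse_ts(now_iso) if now_iso else datetime.now(timezone.utc)
    problems = []
    root = ET.fromstring(xml_text)
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plain Assertion element (encrypted or missing)"]
    audience = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != SP_ENTITY_ID:
        problems.append("Audience does not match the Entity ID")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("SubjectConfirmationData Recipient is not the ACS URL")
    elif scd.get("NotOnOrAfter") and now >= _parse_ts(scd.get("NotOnOrAfter")):
        problems.append("assertion has expired (NotOnOrAfter in the past)")
    present = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name in sorted(REQUIRED_ATTRS - present):
        problems.append("missing required attribute " + name)
    return problems


# Constructed sample response (not a real Okta capture); the lastname attribute is missing on purpose.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>http://www.okta.com/exk_constructed</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00Z">
    <saml:Issuer>http://www.okta.com/exk_constructed</saml:Issuer>
    <saml:Subject>
      <saml:NameID>jane.doe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-05-01T12:05:00Z"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T11:55:00Z" NotOnOrAfter="2024-05-01T12:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()

if __name__ == "__main__":
    # Evaluate the sample at the moment it was issued; only the missing attribute is reported.
    for problem in check_saml_response(decode_saml_response(SAMPLE_RESPONSE_B64), "2024-05-01T12:00:00Z"):
        print("PROBLEM:", problem)
```

Run with a real capture by replacing SAMPLE_RESPONSE_B64 with the SAMLResponse form value from the browser's network tab; if the assertion is encrypted the check stops at the missing Assertion element, which itself tells you the IdP app is configured for encryption the SP does not expect.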

Step-By-Step Customer Side

Create a SAML app in Okta
  1. Open the Admin Dashboard.

Important: You must be in the Admin Console (Classic UI) to create a SAML app.

  2. Under Shortcuts, choose Add Applications. Or, choose Applications, and then choose Add Application.
  3. On the Add Application page, choose Create New App.
  4. In the Create a New Application Integration dialog, confirm that Platform is set to Web.
  5. For Sign on method, choose SAML 2.0.
  6. Choose Create.
  7. Configure the SAML integration for your Okta app:
    1. On the Create SAML Integration page, under General Settings, enter HireSelect_SSO as the app name.
    2. (Optional) Upload a logo and choose the visibility settings for your app.
    3. Choose Next.
    4. Under GENERAL, for Single sign on URL, enter https://hireselect.auth.us-east-1.amazoncognito.com/saml2/idpresponse.
    5. For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:us-east-1_tkdHRnjPD.
    6. Under ATTRIBUTE STATEMENTS, add a statement for each of the following:
      1. For Name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. For Value, enter user.email.
      2. For Name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname. For Value, enter user.firstName.
      3. For Name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname. For Value, enter user.lastName.
    7. Leave all other settings on the page at their default values, or set them according to your preferences.
    8. Choose Next.
    9. Choose a feedback response for Okta Support.
    10. Choose Finish.
Get the IdP metadata for your Okta application
  1. On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink. Right-click the hyperlink, and then copy the URL.
  2. Send the IdP metadata URL or XML file to our Support Team (the IdP metadata URL is preferred, because it lets the metadata update automatically, whereas an XML file does not).
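Before sending the metadata, it is worth confirming that the document actually contains what the service provider will rely on: an entityID, a SAML 2.0 IdP descriptor with an HTTPS single sign-on endpoint, and a signing certificate. The following is an added example, not Criteria's or Okta's code. The metadata document it inspects is constructed (the entityID, SSO location and certificate bytes are placeholders, not real Okta values), and the certificate check stops at "decodes to DER", since full parsing and expiry checks need a library such as cryptography, which is left out to keep the example dependency-free.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"md": MD, "ds": DS}
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_metadata_url(url):
    """Return problems with the metadata URL itself; metadata must be fetched over TLS."""
    parsed = urlparse(url)
    problems = []
    if parsed.scheme != "https":
        problems.append("metadata URL must use https")
    if not parsed.netloc:
        problems.append("metadata URL has no host")
    return problems


def inspect_idp_metadata(xml_text):
    """Return (summary, problems) for an IdP federation metadata document."""
    root = ET.fromstring(xml_text)
    problems = []
    summary = {"entity_id": root.get("entityID"), "sso_url": None, "signing_certs": 0}
    if root.tag != f"{{{MD}}}EntityDescriptor":
        return summary, ["root element is not md:EntityDescriptor"]
    if not summary["entity_id"]:
        problems.append("missing entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return summary, problems + ["no IDPSSODescriptor (is this SP metadata by mistake?)"]
    if SAML2_PROTOCOL not in (idp.get("protocolSupportEnumeration") or "").split():
        problems.append("IdP does not advertise SAML 2.0 protocol support")
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == HTTP_POST:
            summary["sso_url"] = sso.get("Location")
    if summary["sso_url"] is None:
        problems.append("no HTTP-POST SingleSignOnService endpoint")
    elif not summary["sso_url"].startswith("https://"):
        problems.append("SingleSignOnService Location is not https")
    for key in idp.findall("md:KeyDescriptor", NS):
        if key.get("use") not in (None, "signing"):
            continue  # encryption-only keys cannot verify assertion signatures
        for cert in key.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            except ValueError:
                problems.append("X509Certificate is not valid base64")
                continue
            if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
                problems.append("X509Certificate does not decode to DER")
                continue
            summary["signing_certs"] += 1
    if summary["signing_certs"] == 0:
        problems.append("no signing certificate: assertions could not be verified")
    return summary, problems


# Constructed placeholder bytes, not a real certificate: just a DER SEQUENCE header.
FAKE_CERT = base64.b64encode(b"\x30\x82\x00\x14" + b"\x00" * 20).decode()

# Constructed metadata document mirroring the shape of an IdP descriptor.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}"
    entityID="http://www.okta.com/exk_constructed">
  <md:IDPSSODescriptor WantAuthnRequestsSigned="false" protocolSupportEnumeration="{SAML2_PROTOCOL}">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{FAKE_CERT}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="{HTTP_POST}" Location="https://example.okta.com/app/constructed/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    summary, problems = inspect_idp_metadata(SAMPLE_METADATA)
    print(summary)
    for problem in problems:
        print("PROBLEM:", problem)
```

To check a live document, fetch the copied metadata URL (after check_metadata_url passes) and pass the body to inspect_idp_metadata; a metadata file whose only KeyDescriptor is marked use="encryption" is the case that most often looks fine at a glance but leaves the SP unable to verify anything.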

Next Steps

Our team will update your Criteria account and advise once we are ready to begin testing the integration. For next steps, please continue to our SSO How-to Guide.

PLEASE NOTE: The terminology for your company's attributes may not be an identical match to the attribute names on the SSO setup page. In that case, you can input the most closely related attribute on your end. For example, if the attribute on the SSO setup page lists "givenname", you can input the user's first name.