Okta SSO Setup
Parameters Needed
Criteria Provided Parameters:
- Entity ID (Audience URI)
- urn:amazon:cognito:sp:us-east-1_tkdHRnjPD
- Assertion Consumer Service URL
- https://hireselect.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- First-Time Sign-On URL/Bookmark
- (Once soft-enabled, the Criteria CSM will provide the customer with the following link, which includes their unique company account ID. The customer must log in via this link and not through their service provider.)
- https://hireselect.criteriacorp.com/?companyAccountId=<companyAccountId>
- Our Required SAML Attributes
- First Name
- Last Name
- Email Address
- Optional Recommended SAML Attribute
- Job Title
- IdP Immutable Global Unique Identifier (varies by IdP)
Customer Provided Parameters:
- Federation Metadata Document endpoint URL (Can also be an XML Document but URL preferred)
Step-By-Step Customer Side
Create a SAML app in Okta
- Open the Admin Dashboard:
Important: You must be in the Admin Console (Classic UI) to create a SAML app.
- Under Shortcuts choose Add Applications. Or, choose Applications, and then choose Add Application.
- On the Add Application page, choose Create New App.
- In the Create a New Application Integration dialog, confirm that Platform is set to Web.
- For Sign on method, choose SAML 2.0.
- Choose Create.
Configure SAML integration for your Okta app
- On the Create SAML Integration page, under General Settings, enter HireSelect_SSO as the app name.
- (Optional) Upload a logo and choose the visibility settings for your app.
- Choose Next.
- Under GENERAL, for Single sign on URL, enter https://hireselect.auth.us-east-1.amazoncognito.com/saml2/idpresponse.
- For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:us-east-1_tkdHRnjPD.
- Under ATTRIBUTE STATEMENTS, add a statement for each of the following:
- For Name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress. For Value, enter user.email.
- For Name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname. For Value, enter user.firstName.
- For Name, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname. For Value, enter user.lastName.
- For all other settings on the page, leave them as their default values or set them according to your preferences.
- Choose Next.
- Choose a feedback response for Okta Support.
- Choose Finish.
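An added example (not part of Criteria's or Okta's documentation): a Python check that a decoded SAML assertion, such as one captured from a test sign-in, carries the Audience URI, ACS URL and three attribute names configured above. The function names and the sample assertion are constructed for illustration; the check covers configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from this page
AUDIENCE = "urn:amazon:cognito:sp:us-east-1_tkdHRnjPD"
ACS_URL = "https://hireselect.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("emailaddress", "firstname", "lastname")]

def check_assertion(xml_text):
    """Return a list of configuration problems in a decoded SAML assertion."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:
        problems.append(f"Audience mismatch: {audiences}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient mismatch: {recipients}")
    present = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        vals = [v.text for v in attr.iterfind("saml:AttributeValue", NS) if v.text and v.text.strip()]
        present[attr.get("Name")] = vals
    for name in REQUIRED:
        if not present.get(name):  # attribute absent, or present with no value
            problems.append(f"Missing or empty attribute: {name}")
    return problems

def sample(audience=AUDIENCE, names=("emailaddress", "firstname", "lastname")):
    """Constructed, unsigned assertion for illustration (not real Okta output)."""
    attrs = "".join(
        f'<saml:Attribute Name="{CLAIMS}{n}">'
        f"<saml:AttributeValue>test-{n}</saml:AttributeValue></saml:Attribute>"
        for n in names)
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Subject><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
        f'<saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation></saml:Subject>'
        f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>"
        "</saml:AudienceRestriction></saml:Conditions>"
        f"<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    print(check_assertion(sample()))
    print(check_assertion(sample(audience="urn:example:wrong", names=("emailaddress",))))
```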
Get the IdP metadata for your Okta application
- On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink. Right-click the hyperlink, and then copy the URL.
- Send the IdP metadata URL or XML file to our Support Team (the IdP metadata URL is preferred so XML files will auto-update).
Next Steps
Our team will update your Criteria account and advise once we are ready to begin testing the integration. For next steps, please continue to our SSO How-to Guide.