Connecting Mosaic with Okta

Part 1: Initial Setup with Mosaic SAML

  1. Go to Mosaic settings → Security → SAML 2.0 Single Sign On and click Enable.

Please Note:

Only admins are able to access the Security tab on Mosaic settings.

  2. From the Mosaic SAML 2.0 Single Sign-On modal, take note of the ACS URL. This will be required when configuring Okta.
  3. Similarly, record the Entity ID from the same modal, as it will be used in a subsequent Okta configuration step.

Part 2: Setup SAML on Okta

  4. Log in to your Okta Admin Dashboard.
  5. Navigate to Applications and click on Create App Integration.
  6. Choose SAML 2.0 as the Sign-in method and click Next.
  7. Under the General Settings tab, give your app a name and optional logo and click Next.
  8. Navigate to the Configure SAML tab:
    • Copy the ACS URL from Mosaic (refer to Step #2) and input it into Okta's Single sign-on URL field.
    • Copy the Entity ID from Mosaic (refer to Step #3) and input it into Okta's Audience URI (SP Entity ID) field.
    • Leave the default values for the remaining fields and click Next.
  9. Navigate to the Application's main page and select the Sign On tab.
  10. Under Sign on methods > SAML 2.0 > More details > Sign on URL, take note of the Sign on URL, as it will be required for Mosaic setup in the subsequent steps.
  11. Under the SAML Signing Certificates section, click on the Actions dropdown and select Download certificate.
    • Open the downloaded certificate using a text editor application, such as TextEdit on Mac or Notepad on Windows. Copy the entire content of the certificate, as you'll be pasting it into Mosaic in a subsequent step.

Back in the Mosaic SAML page:

  12. In Mosaic’s SAML 2.0 Single Sign On menu, fill in:
    • Domain:
      • Domain associated with Okta.
        - For example, an email address ending in @thisisdomain.com has the domain thisisdomain.com.

      Please Note:

      The email associated with the admin (who is setting up the SAML) must have the same domain as the one being inputted.

      • For example, if the admin's email address ends in @thisisdomain.com, the only domain the admin can input is thisisdomain.com.
    • SSO URL:
      • SSO URL copied from the Sign on URL in Step #10.
    • Certificate:
      • Certificate copied from Step #11.
  13. Click Done.
    • Upon successful activation, SAML 2.0 Single Sign On will have the following options:
  14. Next time a user with an email address belonging to the specified domain logs into Mosaic, they will be redirected to authenticate with Okta the moment they click Next after inputting their email.
    • Follow the on-screen prompts to download the Okta Verify app onto your mobile device. Then, scan the displayed QR Code to link your account.
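The following Python script is an added example, not part of this guide and not Mosaic's or Okta's own tooling. It pre-checks the values exchanged in the steps above before they are pasted: the Domain must equal the configuring admin's own email domain (the rule in the note under Step 12), the SSO URL and ACS URL must be absolute https URLs, the SSO URL can be pinned to your Okta org hostname so a URL copied from the wrong org is rejected, and the Certificate must be exactly one PEM X.509 certificate rather than a private key or an empty file. The Okta hostname (example.okta.com), the URL paths, the ACS URL host and the admin email are constructed placeholders, and the sample certificate body is only a minimal DER SEQUENCE, not a real certificate.

```python
"""Pre-flight checks for the values pasted into Mosaic's SAML 2.0 Single Sign On form.

Added example, not Mosaic's or Okta's code. All sample values below are constructed.
"""
import base64
import binascii
from typing import Optional
from urllib.parse import urlsplit

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def email_domain(email: str) -> str:
    """Domain part of an email address, lower-cased (everything after the last '@')."""
    local, at, domain = email.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    return domain.lower()


def check_domain(admin_email: str, sso_domain: str) -> list:
    """Mosaic only accepts a Domain equal to the configuring admin's own email domain."""
    want = email_domain(admin_email)
    got = sso_domain.strip().lower()
    if got != want:
        return [f"Domain {got!r} does not match the admin's email domain {want!r}"]
    return []


def check_https_url(label: str, url: str, expected_host: Optional[str] = None) -> list:
    """A SAML endpoint must be an absolute https URL; optionally pin it to a known host."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append(f"{label} must use https, got scheme {parts.scheme!r}")
    if not parts.hostname:
        problems.append(f"{label} has no host")
    elif expected_host and parts.hostname.lower() != expected_host.lower():
        problems.append(f"{label} host {parts.hostname!r} is not the expected {expected_host!r}")
    return problems


def check_certificate(pem_text: str) -> list:
    """The Certificate field wants one PEM X.509 certificate (its DER starts with SEQUENCE, 0x30)."""
    text = pem_text.strip()
    if "PRIVATE KEY" in text:
        return ["text contains a private key; only Okta's public signing certificate belongs here"]
    if not (text.startswith(PEM_HEADER) and text.endswith(PEM_FOOTER)):
        return ["certificate must be a PEM block between BEGIN/END CERTIFICATE markers"]
    if text.count(PEM_HEADER) > 1:
        return ["more than one certificate found; paste only the Okta SAML signing certificate"]
    body = "".join(text[len(PEM_HEADER):-len(PEM_FOOTER)].split())  # drop line breaks
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        return [f"certificate body is not valid base64: {exc}"]
    if not der or der[0] != 0x30:
        return ["decoded certificate is not an ASN.1 SEQUENCE, so not a DER X.509 certificate"]
    return []


def preflight(admin_email, sso_domain, sso_url, certificate_pem, acs_url, idp_host=None) -> dict:
    """Run every check; an empty dict means all values are ready to paste into Mosaic."""
    results = {
        "domain": check_domain(admin_email, sso_domain),
        "sso_url": check_https_url("SSO URL", sso_url, idp_host),
        "certificate": check_certificate(certificate_pem),
        "acs_url": check_https_url("ACS URL", acs_url),
    }
    return {name: issues for name, issues in results.items() if issues}


# Constructed sample values (not real Mosaic or Okta data).
SAMPLE_ADMIN_EMAIL = "it-admin@example.com"
SAMPLE_DOMAIN = "example.com"
SAMPLE_IDP_HOST = "example.okta.com"  # assumed Okta org hostname
SAMPLE_SSO_URL = "https://example.okta.com/app/placeholder-app/sso/saml"  # placeholder path
SAMPLE_ACS_URL = "https://mosaic.example.invalid/saml/acs"  # placeholder ACS URL
# Not a real certificate: a minimal DER SEQUENCE wrapped in PEM, enough to exercise the parser.
SAMPLE_CERT = "\n".join([PEM_HEADER, base64.b64encode(b"\x30\x03\x02\x01\x05").decode(), PEM_FOOTER])

if __name__ == "__main__":
    print(preflight(SAMPLE_ADMIN_EMAIL, SAMPLE_DOMAIN, SAMPLE_SSO_URL,
                    SAMPLE_CERT, SAMPLE_ACS_URL, SAMPLE_IDP_HOST))
```

Replace the sample constants with the real values from Steps 2, 10 and 11 and your own Okta org hostname; any non-empty entry in the returned dict is something to fix before clicking Done in Step 13, since after that point every user in the domain is redirected to whatever SSO URL was saved.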