Connecting Mosaic with Okta
Part 1: Initial Setup with Mosaic SAML
- Go to Mosaic settings → Security → SAML 2.0 Single Sign On and click Enable.
Please Note:
Only admins are able to access the Security tab on Mosaic settings.
- From the Mosaic SAML 2.0 Single Sign-On modal, take note of the ACS URL. This will be required when configuring Okta.
- Similarly, record the Entity ID from the same modal, as it will be used in a subsequent Okta configuration step.
Part 2: Setup SAML on Okta
- Log in to your Okta Admin Dashboard.
- Navigate to Applications and click on Create App Integration.
- Choose SAML 2.0 as the Sign-in method and click Next.
- Under the General Settings tab, give your app a name and optional logo and click Next.
- Navigate to the Configure SAML tab:
  - Copy the ACS URL from Mosaic (refer to Step #2) and input it into Okta's Single sign-on URL field.
  - Copy the Entity ID from Mosaic (refer to Step #3) and input it into Okta's Audience URI (SP Entity ID) field.
  - Leave the default values for the remaining fields and click Next.
- Navigate to the Application's main page and select the Sign On tab.
- Under Sign on methods > SAML 2.0 > More details > Sign on URL, take note of the Sign on URL, as it will be required for Mosaic setup in the subsequent steps.
- Under the SAML Signing Certificates section, click on the Actions dropdown and select Download certificate.
- Open the downloaded certificate using a text editor application, such as TextEdit on Mac or Notepad for Windows. Copy the entire content of the certificate, as you'll be pasting it into Mosaic in a subsequent step.
Back in the Mosaic SAML page:
- Back in Mosaic's SAML 2.0 Single Sign On menu, fill in:
  - Domain:
    - Domain associated with Okta.
    - For example, [email protected] has a domain of thisisdomain.com.
    Please Note:
    The email associated with the admin (who is setting up the SAML) must have the same domain as the one being inputted.
    - For example, if the admin uses an email [email protected], the only domain the admin could input is thisisdomain.com.
  - SSO URL:
    - SSO URL copied from Sign on URL in Step #10.
  - Certificate:
    - Certificate copied from Step #11.
- Click Done.
- Upon successful activation, SAML 2.0 Single Sign On will have the following options:
- Next time a user with an email address belonging to the specified domain logs into Mosaic, they will be redirected to authenticate with Okta the moment they click Next after inputting their email.
- Follow the on-screen prompts to download the Okta Verify app onto your mobile device. Then, scan the displayed QR Code to link your account.