Single Sign on in EduBrite with Okta

This article describes what you need to do if you are looking to use Okta as IdP in SAML based single sign on integration with EduBrite.

Login to Admin view in Okta and start creating a new App.

Step 1: Enter the name of the app, and upload an optional logo, and click Next

Step 2: In this step, enter the single sign on url that is specific to your EduBrite microsite. For example if your microsite url is then enter Similarly, in Audience url enter just the microsite url. Click Next



If you like to pass additional attributes like firstName, lastName and email from Okta to EduBrite so new user account thats gets created after SSO (if user doesn't already exist in microsite) has all these attributes populated, then click on Show Advanced Settings and add following attributes to be passed in SAML assertion. At present only these three attributes can be passed, besides the Okta username that gets passed in NameId.

To send groups from Okta to EduBrite, you can enable additional settings as shown below. Enter "groups" in the attribute name (this is the name okta will use as attribute name), and enter any criteria in the filter to specify which groups will be sent in saml response. If the corresponding groups exists in EduBrite (with matching group code) then user will be added to these groups provided that Auto Provisioning is ON site admin->site details->integration (in EduBrite).


Step 3: In the feedback step, mention the app as your internal app. Click Finish

Step 4: In Sign On tab, keep the default sign on method as SAML 2.0, keep default relay state, click on View Setup Instructions


Step 5: In next screen you can find two configuration settings that you need to copy to microsite. Idp url and Idp public certificate.

Make sure to grant the App access to users (including yourself for testing)

Step 6: Go to you microsite and login as site admin. open the Site Details -> Customization and enter the property SAML_IDP_URL and set it to url copied from step 5

Step 7: Open Security tab and enable SAML v2 SSO option

Step 8: Go to Integration tab, and ensure Auto Create Users by API is enabled

Step 9: Go to Site Details->CMS and create a new data source

Step 10: Paste the public key copied from step 5 and Click Save, then click Publish

Now you can log out from microsite and try Signin with SSO link

You should get directed to Okta url, and if you are not already signed in you will see Okta login page.

After signin you will be redirected to EduBrite microsite, and if a user doesn't already exist with matching Okta username then it would get created

Sending Groups from Okta

To send user's groups from Okta to EduBrite, you can perform additional configuration in step 2.