Okta SAML setup

Enable your Okta users to access 1Password SaaS Manager with Single-Sign-On (SSO). Once you've completed this step you may wish to enable SCIM from Okta.


Create an Okta App Integration from scratch

  1. Open the Okta Administration UI and navigate to the Applications menu, then select Create App Integration.
  2. Select SAML 2.0, then select Next.
  3. Enter 1Password SaaS Manager as the App name.
  4. You'll need the SAML Assertion Consumer Service (ACS) URL (Single sign-on URL) and SAML Entity ID (or Audience URI) from SaaS Manager.

    To find these, in a separate tab, log in to SaaS Manager and navigate to Settings > Users > Single Sign-On (SSO) > SAML providers.

  5. Fill in the following fields:

    Single sign-on URL: SaaS Manager SAML Assertion Consumer Service (ACS) URL
    Audience URI (SP Entity ID): SaaS Manager SAML Entity ID
    Name ID format: EmailAddress
    Application username: Email
    Logo: https://brand.1password.com/share/zpjexDZRgpM43TjobjSa/folders/103
  6. Under Attribute Statements in Okta add two statements:

    Name: given_name, Value: user.firstName
    Name: family_name, Value: user.lastName
  7. Scroll to the bottom and select Next.
  8. Select I'm an Okta customer adding an internal app.
  9. Select Finish.

Configure SaaS Manager

The final step is to set up the connection in SaaS Manager.

  1. In Okta, open your SaaS Manager tile and navigate to the Sign On tab.
  2. Under SAML 2.0, select Copy to copy the Metadata URL.
  3. Switch back to the SaaS Manager tab you opened earlier. You should have navigated to Settings > Users > Single Sign-On (SSO) > SAML providers.
  4. Select New under SAML providers.
  5. Enter a Name (Okta) and select Metadata from URL.
  6. Paste in the Metadata URL you took from Okta.
  7. Select Create.

Test the connection

You can now test the Okta connection.

  1. Log out of SaaS Manager.
  2. Assign yourself to the SaaS Manager application in Okta.
  3. Go to your My Apps page and select the SaaS Manager tile.

You should be logged in to SaaS Manager successfully.

Troubleshooting

SaaS Manager user accounts are being created using a username rather than an email address

  1. Find the SaaS Manager application, open the Sign On tab and select Edit.
  2. From the Credentials Details section, make sure Application username format is set to Email.

Using the Okta App Catalog app

The Trelica (now 1Password SaaS Manager) application in the Okta App Catalog is specific to https://app.trelica.com, and won't work on https://eu.trelica.com. Due to the way it's configured, it's relatively inflexible. For example, you cannot enable SCIM for it. Creating from scratch is very quick so we recommend following the steps at the top of this article.

To use the App Catalog app:

Open the Okta Administration UI, and from the Applications menu select Browse App Catalog.

  1. Search for Trelica and select the Okta Trelica application. Select Add next to the search result listing.
  2. Select Done.

Finalize configuration in Okta

  1. From the Sign On tab, select Edit.
  2. Scroll down to Advanced Sign-on Settings. You will need to fill in the ACS URL field. This is provided by SaaS Manager.
  3. In a separate tab, log in to SaaS Manager and go to Settings > Users > Single Sign-On (SSO).
  4. Copy the SAML Assertion Consumer Service (ACS) URL value and paste it into the Okta ACS URL field.
  5. Set the Application username format to Email.
  6. Select Save.

Now follow the steps described above in the Configure SaaS Manager section to finish configuring the SAML connection in SaaS Manager.
