Okta SAML setup

Enable your Okta users to access Trelica with Single-Sign-On (SSO). Once you've completed this step you may wish to enable SCIM from Okta.

Watch a 5 minute video showing you how to configure both SAML and SCIM in Okta.

Create an Okta App Integration from scratch

  1. Open the Okta Administration UI and navigate to the Applications menu, then select Create App Integration.
  2. Select SAML 2.0, then select Next.
  3. Enter Trelica as the App name, and upload a Trelica logo.
  4. You'll need the SAML Assertion Consumer Service (ACS) URL (Single sign-on URL) and SAML Entity ID (or Audience URI) from Trelica.

    To find these, in a separate tab, log in to Trelica and navigate to Settings > Users > Single Sign-On (SSO) > SAML providers.

  5. Fill in the following fields:

    Field                          Value
    Single sign-on URL             Trelica SAML Assertion Consumer Service (ACS) URL
    Audience URI (SP Entity ID)    Trelica SAML Entity ID
    Name ID format                 EmailAddress
    Application username           Email
  6. Under Attribute Statements in Okta add two statements:

    Name           Value
    given_name     user.firstName
    family_name    user.lastName
  7. Scroll to the bottom and select Next.
  8. Select I'm an Okta customer adding an internal app.
  9. Select Finish.

Configure Trelica

The final step is to set up the connection in Trelica.

  1. In Okta, open your Trelica tile and navigate to the Sign On tab.
  2. Under SAML 2.0, select Copy to copy the Metadata URL.
  3. Switch back to the Trelica tab you opened earlier. You should have navigated to Settings > Users > Single Sign-On (SSO) > SAML providers.
  4. Select New under SAML providers.
  5. Enter a Name (Okta) and select Metadata from URL.
  6. Paste in the Metadata URL you copied from Okta.
  7. Select Create.

Test the connection

You can now test the Okta connection.

  1. Log out of Trelica.
  2. Assign yourself to the Trelica application in Okta.
  3. Go to your My Apps page and select the Trelica tile.

You should be logged in to Trelica successfully.

Troubleshooting

Trelica user accounts are being created using a username rather than an email address

  1. Find the Trelica application, open the Sign on tab and select Edit.
  2. From the Credentials Details section, make sure Application username format is set to Email.
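The settings above (Name ID format, Audience URI, and the two attribute statements) can be checked against a decoded assertion before users are assigned. The following is an added example, not code from Trelica or Okta; the function names, the `AUDIENCE` placeholder, and the sample assertions are constructed for illustration, and the check covers configuration only, not signature validation.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("given_name", "family_name")  # names from the Attribute Statements step
AUDIENCE = "https://sp.example.invalid/entity-id"  # placeholder: use your Trelica SAML Entity ID

def check_assertion(xml_text, expected_audience):
    """List configuration problems in a decoded assertion. Does NOT verify the signature."""
    root = ET.fromstring(xml_text)  # only parse assertions captured from your own IdP
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID missing")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID format is not EmailAddress")
        if not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", (name_id.text or "").strip()):
            problems.append("NameID value is not an email address")
    audiences = [a.text for a in root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append("Audience does not match the SP Entity ID")
    present = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)
               if (a.findtext("saml:AttributeValue", "", NS) or "").strip()}
    problems += [f"attribute {n} missing or empty" for n in REQUIRED_ATTRS if n not in present]
    return problems

def build_sample(name_id, fmt, attrs, audience=AUDIENCE):
    """Build a constructed, unsigned assertion used only as sample input."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}">'
            f'<saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion>')

# Constructed samples: one matching this guide, one showing the username symptom.
GOOD = build_sample("jane.doe@example.com", EMAIL_FORMAT,
                    {"given_name": "Jane", "family_name": "Doe"})
BAD = build_sample("jdoe", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                   {"given_name": "Jane"})

if __name__ == "__main__":
    for label, xml_text in (("good", GOOD), ("bad", BAD)):
        print(label, check_assertion(xml_text, AUDIENCE))
```
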

Using the Okta App Catalog app

The Okta App Catalog Trelica application is specific to https://app.trelica.com, so it will not work on https://eu.trelica.com. Because of the way it is configured, it is also relatively inflexible: for example, you cannot enable SCIM for it. Creating an app integration from scratch is very quick, so we recommend following the steps at the top of this article.

To use the App Catalog app:

  1. Open the Okta Administration UI and, from the Applications menu, select Browse App Catalog.
  2. Search for Trelica and select the Okta Trelica application. Select Add next to the search result listing.
  3. Select Done.

Finalize configuration in Okta

  1. From the Sign On tab, select Edit.

  2. Scroll down to Advanced Sign-on Settings.

    You will need to fill in the ACS URL field. This is provided by Trelica.

  3. In a separate tab, log in to Trelica and go to Admin > Settings > Users > Single Sign-On (SSO).

  4. Copy the SAML Assertion Consumer Service (ACS) URL value and paste it into the Okta ACS URL field.
  5. Set the Application username format to Email.
  6. Select Save.

Now follow the steps described above in the Configure Trelica section to finish configuring the SAML connection in Trelica.
