Okta SAML setup

Enable your Okta users to access Trelica with Single-Sign-On (SSO). Once you've completed this step you may wish to enable SCIM from Okta.

Watch a 5 minute video showing you how to configure both SAML and SCIM in Okta.

Create an Okta App Integration from scratch

  1. Open the Okta Administration UI, select the Applications menu and click Create App Integration:

  2. Choose SAML 2.0 from the dialog and click Next.

  3. Enter Trelica as the App name, and upload a Trelica logo.

  4. You will need the SAML Assertion Consumer Service (ACS) URL (Single sign-on URL) and SAML Entity ID (or Audience URI) from Trelica.

    To find these, in a separate tab, log in to Trelica and go to Admin > Settings > Users > Single Sign-On (SSO):

  5. Fill in the following fields:

    Single sign-on URL: Trelica SAML Assertion Consumer Service (ACS) URL
    Audience URI (SP Entity ID): Trelica SAML Entity ID
    Name ID format: EmailAddress
    Application username: Email

  6. Under Attribute Statements in Okta add two statements:

    Name           Value
    given_name     user.firstName
    family_name    user.lastName

  7. The screen should look like this:

    Scroll to the bottom and click Next.

  8. On the final step choose I'm an Okta customer adding an internal app.

  9. Click Finish.

Configure Trelica

The final step is to set up the connection in Trelica.

  1. Take a copy of the Metadata URL from Okta:

  2. Switch back to the Trelica tab you opened earlier. You should have navigated to Admin > Settings > Users > Single Sign-On (SSO).

  3. Click the New button under SAML providers.

  4. Enter a Name (Okta) and choose Metadata from URL.

  5. Paste in the Metadata URL you took from Okta:

  6. Click Create.

Test the connection

You can now test the Okta connection.

  1. Log out of Trelica.

  2. Assign yourself to the Trelica application in Okta.

  3. Go to your My Apps page and click on the Trelica tile:

You should be logged in to Trelica successfully.

Troubleshooting

Trelica user accounts are being created using a username rather than an email address

  1. Find the Trelica application, open the Sign on tab and click Edit:

  2. Scroll down to the Credentials Details section and make sure Application username format is set to Email.
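To confirm what Okta actually sends after changing this setting, you can check a decoded SAML assertion against the values configured in the steps above. The following is an added example, not part of Trelica's or Okta's own tooling; the ACS URL, Entity ID and sample assertions are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED_ATTRS = ("given_name", "family_name")  # names from the Attribute Statements step
# Constructed placeholders: substitute the values shown on the Trelica SSO settings page.
ACS_URL = "https://sp.example/saml/acs"
ENTITY_ID = "https://sp.example/saml/entity"

def check_assertion(xml_text, acs_url, entity_id):
    """Return a list of mismatches between a decoded assertion and the Okta setup."""
    # Diagnostic only: no signature check. Parse only XML from your own tenant
    # (use defusedxml for anything untrusted).
    root = ET.fromstring(xml_text)
    problems = []
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    if name_id is None or "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address (check Application username)")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the SAML Entity ID")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient does not match the ACS URL")
    sent = {a.get("Name") for a in root.findall(".//saml:Attribute", NS)}
    problems += [f"missing attribute {n}" for n in REQUIRED_ATTRS if n not in sent]
    return problems

def sample_assertion(name_id, attrs):
    """Build a constructed, unsigned assertion for demonstration."""
    attr_xml = "".join(f'<saml:Attribute Name="{a}"/>' for a in attrs)
    return (
        f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
        f'<saml:NameID Format="{EMAIL_FORMAT}">{name_id}</saml:NameID>'
        f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
        f'</saml:SubjectConfirmation></saml:Subject>'
        f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{ENTITY_ID}'
        f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion>'
    )

if __name__ == "__main__":
    # A username in NameID and a missing family_name statement are both reported.
    for problem in check_assertion(sample_assertion("alovelace", ["given_name"]), ACS_URL, ENTITY_ID):
        print(problem)
```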

Using the Okta App Catalog app

The Okta App Catalog Trelica application is specific to https://app.trelica.com, so it will not work on https://eu.trelica.com. Because of the way it is configured, it is also relatively inflexible (e.g. you cannot enable SCIM for it). Creating an app integration from scratch is very quick, so we recommend following the steps at the top of this article.

If you wish to use the App Catalog app, here's how:

Open the Okta Administration UI, select the Applications menu and click Browse App Catalog.

  1. Search for Trelica and select the Okta Trelica application. Click Add next to the search result listing.

  2. The Trelica application is added. Click Done.

Finalize configuration in Okta

  1. Go to Sign On and click Edit.

  2. Scroll down to Advanced Sign-on Settings.

    You will need to fill in the ACS URL field. This is provided by Trelica.

  3. In a separate tab, log in to Trelica and go to Admin > Settings > Users > Single Sign-On (SSO):

  4. Copy the SAML Assertion Consumer Service (ACS) URL value and paste it into the Okta ACS URL field.

  5. Set the Application username format to Email:

  6. Click Save.

Now follow the steps in the Configure Trelica section above to finish configuring the SAML connection in Trelica.
