Okta Configuration

Configuring Okta is relatively straightforward.

Please keep in mind that the following instructions are given as an example, and may differ from what is required in your particular situation.

Once you connect to your Okta administration portal, go to the Applications page:

  1. Select Add Application.
     
    Add Application
  2. Select Create New App.
     
    Create New App

  3. Create a new web-based SAML 2.0 Application.
     
    Create New Application

  4. Give your new application a name.
     
    Create SAML Application General

  5. Enter the SAML settings.
     
        Single Sign on URL: https://YOUR SITE URL/saml/saml_login_response
        Audience URI: https://YOUR SITE URL/saml/metadata
     
    Create SAML Application Settings

  6. Enter the SAML Attributes.
        login_id
        firstname
        lastname
        email
        access
        groups (optional)
     
    The values you decide to use will be dependant on your organization.
     
    Please note that in this example we hard-code true for access as we control the availability of the Application elsewhere. We have also decided to add the groups attribute, which we populate with the list of group memberships from either Admin, Artist, or Manager. The user must be part of only one group.
     
    Create SAML Application Settings Claims

  7. Finish the configuration.
     
    Create SAML Application Finish

  8. Proceed with the rest of the Okta configuration to determine access to the application and ensure that the proper attributes are sent. This will depend on your organization and how you have decided to set the values for the attributes.

  9. Provide the SSO configuration to your Shotgun Administrators. Click on the View Setup Instructions and provide the informations shown:
        SAML 2.0 Endpoint (HTTPS): Identity Provider Single Sign-On URL
        Identity Provider Issuer: Identity Provider Issuer
        Public Certificate: X.509 Certificate
     
    If instead you download the metadata, you will need to extract:
        SAML 2.0 Endpoint (HTTPS): SingleSignOnService Binding Location
        Identity Provider Issuer: EntityDescriptor entityID
        Public Certificate: X509Certificate
     
    Create SAML Application Setup

Follow