Configuring Okta is relatively straightforward.
Please keep in mind that the following instructions are given as an example, and may differ from what is required in your particular situation.
Once you connect to your Okta administration portal, go to the Applications page:
Select Add Application.
Select Create New App.
Create a new web-based SAML 2.0 Application.
Give your new application a name.
Enter the SAML settings.
Single Sign on URL: https://YOUR SITE URL/saml/saml_login_response
Audience URI: https://YOUR SITE URL/saml/metadata
Enter the SAML Attributes.
The values you decide to use will depend on your organization.
Please note that in this example we hard-code true for access, as we control the availability of the Application elsewhere. We have also decided to add the groups attribute, which we populate with the list of group memberships drawn from Admin, Artist, or Manager. The user must be part of only one group.
Finish the configuration.
Proceed with the rest of the Okta configuration to determine access to the application and ensure that the proper attributes are sent. This will depend on your organization and how you have decided to set the values for the attributes.
Provide the SSO configuration to your Shotgun Administrators. Click View Setup Instructions and provide the information shown:
SAML 2.0 Endpoint (HTTPS): Identity Provider Single Sign-On URL
Identity Provider Issuer: Identity Provider Issuer
Public Certificate: X.509 Certificate
If instead you download the metadata, you will need to extract:
SAML 2.0 Endpoint (HTTPS): SingleSignOnService Binding Location
Identity Provider Issuer: EntityDescriptor entityID
Public Certificate: X509Certificate