How to Configure SAML Single Sign-On

Configuring Okta for SAML SSO on your Luciq Dashboard

Written by Sherif
Updated this week

This document shows in detail how to configure your SAML SSO using Okta, but most similar platforms that support SAML should have similar steps.

To configure Luciq with Okta, you will need to follow these steps:

  1. Create an Okta account: https://www.okta.com/free-trial/

  2. Sign up in Luciq's dashboard using the same email address as Okta

  3. In Luciq's dashboard, open the account settings > SSO > SAML and configure it.

  4. At Okta's dashboard, click on the "Admin" button to open the admin panel

    1. Set up verification with the Okta Verify app (if needed)

  5. Create a new application of "SAML" type

    1. From the sidebar, go to applications

    2. Select "Create App Integration"

    3. Select the SAML 2.0 type and click “Next”

    4. General settings: enter the app name and click “Next”

    5. At configurations: enter the following values, taken from the Configure SAML SSO modal on the dashboard, and then click “Next”

      1. Single sign-on URL → Service Provider SSO Callback URL (found on the Configure SAML SSO modal on the dashboard)

      2. Audience URI (SP Entity ID) → Service Provider Entity ID (found on the Configure SAML SSO modal on the dashboard)

      3. Leave Default RelayState empty

      4. Name ID format: select EmailAddress

      5. Application username: select email

    6. Feedback: select “I'm a software vendor. I'd like to integrate my app with Okta” and click “Finish”

  6. Assign users to the app: go to applications, click on assign users to app, then select the app and the user, click “Next” and confirm the assignment.

  7. From applications, open the created app, then select the “Sign On” tab

  8. Scroll to “View Setup Instructions” and open it

  9. Download the Okta certificate

  10. You can set up a fingerprint or upload the certificate directly

    1. Uploading certificate

      1. At the Luciq dashboard, open the Configure SAML SSO modal and select Certificate

        1. Upload the certificate downloaded in step 9

        2. In SAML/idP metadata URL → add the Identity Provider Single Sign-On URL value from “View Setup Instructions” in the Okta dashboard

    2. Setting fingerprint manually

      1. In your terminal, change directory to where you downloaded the certificate in step 9

      2. Execute: openssl x509 -noout -fingerprint -sha1 -inform pem -in okta.cert

      3. Copy the fingerprint value, which should look something like this: F4:95:55:6E:97:D7:B6:26:56:3C:D0:4D:A0:D3:E4:05:B3:11:FF:B7

      4. At the dashboard's Configure SAML SSO modal, select Fingerprint and enter the mapped values

        1. Identity Provider Certificate Fingerprint → paste the value you get from the terminal

        2. Identity Provider Certificate Fingerprint Algorithm → choose SHA1

        3. SAML/idP metadata URL → Identity Provider Single Sign-On URL value from “View Setup Instructions” in the Okta dashboard

  11. Log out from your normal account

  12. Select login with SSO

  13. Enter the Okta email that you assigned the app to, then your credentials on the Okta form

  14. After redirecting, change dash-dev to deploy

  15. Tada! 🎉


ℹ️ To enable SAML/OAuth for all members of your company, you need to log in using SSO at least once after configuring it.

After this, no member can log in with their email/password; only logging in using SSO is allowed.

⚠️ If you disable SSO and then re-enable it, it will be enabled immediately for the whole company (without needing to log in using SSO first)
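
For the manual fingerprint option in step 10, the following added example (not part of the original article and not Luciq or Okta code) reproduces the value the openssl command prints and checks a pasted fingerprint against the certificate. It shows that the fingerprint is a hash of the decoded DER bytes, so hashing the .cert file itself gives a different value. The function names, the `algorithm` parameter and the sample PEM are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample: the body decodes to the bytes b"abc", not a real
# certificate. It is enough here because a fingerprint is only a hash of
# the decoded (DER) bytes; nothing in this script parses the certificate.
SAMPLE_PEM = """-----BEGIN CERTIFICATE-----
YWJj
-----END CERTIFICATE-----
"""

_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S
)


def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in pem_text."""
    blocks = _PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)


def fingerprint(pem_text, algorithm="sha1"):
    """Colon-separated uppercase digest of the DER bytes, as openssl prints it."""
    digest = hashlib.new(algorithm, pem_to_der(pem_text)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(value):
    """Drop an 'SHA1 Fingerprint=' prefix, colons, spaces and case."""
    value = value.rsplit("=", 1)[-1]
    return re.sub(r"[^0-9A-Fa-f]", "", value).upper()


def matches(pem_text, pasted, algorithm="sha1"):
    """True if the pasted fingerprint belongs to the certificate in pem_text."""
    expected = normalize(fingerprint(pem_text, algorithm))
    return hmac.compare_digest(expected, normalize(pasted))


if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM))
```

To use it on the file from step 9, read okta.cert as text and pass the contents to `fingerprint()` or `matches()`.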
