From the Okta Administrator Dashboard, go to the Applications screen. From there, click the “Add Application” button and then click the “Create New App” button. You will see a popup like the below. Select SAML 2.0 and click Create:
First you will need to set up the general settings for the new app. Below are the values that you should input on this screen:
App name - OneModel
App visibility - Do not check “Do not display application icon to users” or “Do not display application icon in the Okta Mobile app”
Once you have configured this, you will have something like the below. Once finished on this screen, click Next.
On the next screen you will configure the SAML settings for the new application. Below are the values you should use for this part of the setup:
Single sign on URL - Use the URL provided to you. It will look something like https://your_subdomain.onemodel.us/saml/acs. Check “Use this for Recipient URL and Destination URL”
Audience URI - http://your_subdomain.onemodel.us/Saml/Init
Default RelayState - leave blank
Name ID format - EmailAddress
Application username - Email
Attribute Statements -
The following attributes are required for successful sign in to One Model. They need to be mapped to the corresponding properties on the Okta user:
The following attributes are optional for successful sign in to One Model, but are used for Contextual Role Based Security:
- personId - This is used to identify the person based on the key that your company uses to identify them. The exact key and where it links to in the data set is configurable in One Model. Usually this would be Employee Id, Person Id, or something similar.
When you are done, your screen should look something like the below. Once you are finished configuring this screen, click the Next button.
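To confirm the settings above took effect, the following added example (not part of the original One Model or Okta documentation) checks a decoded assertion from a test sign-in against the values on this page. The function name check_assertion and the sample assertion are constructed for illustration; the sample deliberately has a lowercased Audience URI and no personId attribute.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, subdomain):
    """List mismatches between a test assertion and the settings on this page.
    Configuration check only: it does not verify the XML signature."""
    expected_acs = f"https://{subdomain}.onemodel.us/saml/acs"
    expected_audience = f"http://{subdomain}.onemodel.us/Saml/Init"
    root = ET.fromstring(xml_text)  # use only on assertions you captured yourself
    problems = []
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    scd = root.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != expected_acs:
        problems.append("Recipient does not match the single sign on URL")
    audiences = [a.text for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:  # exact match: scheme and case count
        problems.append("Audience URI does not match exactly")
    attrs = {a.get("Name") for a in root.findall(
        "saml:AttributeStatement/saml:Attribute", NS)}
    if "personId" not in attrs:
        problems.append("personId not sent (optional, used for role based security)")
    return problems

# Constructed sample assertion (not real traffic).
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
      >user@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData
      Recipient="https://your_subdomain.onemodel.us/saml/acs"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>http://your_subdomain.onemodel.us/saml/init</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
</saml:Assertion>"""

if __name__ == "__main__":
    for problem in check_assertion(SAMPLE, "your_subdomain"):
        print(problem)
```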