Configuring Okta Single Sign-on


If you’re looking for a way to get started with securing your trees via Single Sign-on, you’ll first need to have an Identity Provider to manage your logins. Okta is a great service – it’s easy to set up, and very popular.  This article will show you how to get Okta and Zingtree working together.

Set Up Overview

Configuring SSO requires Okta and Zingtree to share information with each other:

  1. Okta needs information about Zingtree.
  2. Zingtree needs information about your Okta.

Once you have Zingtree and Okta successfully working together, you can mark any of your trees as “SSO restricted” via the Zingtree Settings tool to require a login to get access.

For the setup, we recommend keeping two browser tabs open – one in Okta, and one in Zingtree.

Configuring Okta

To start, in the Zingtree top menu, go to Account, Single Sign-on. You’ll see the parameters (specific to your organization) to share with Okta:

Let’s use this information to set up the Okta side:

  1. If you haven’t already created a free Okta account, do it now.
  2. Go to the Okta Dashboard.
  3. Click Add Applications under Shortcuts.
  4. Click Create New App.
  5. Choose SAML 2.0 as the sign-on method, and click Create.
  6. In the General Settings, give your application a name (like “Zingtree”), and click Next.
  7. Under SAML Settings, configure it as shown below.  For the Single Sign-on URL, use Zingtree’s Login URL. For the Audience URI, use Zingtree’s Entity ID.

  8. Click Next to finish the SAML setup.

Configuring Zingtree

First, let’s get some information from Okta:

  1. In Okta, click Applications from the top menu, and go to Applications.
  2. Click the new Zingtree application we created.
  3. Click Sign on, then View Setup Instructions. Keep this page open in a browser tab.
  4. Now go back to the Zingtree tab, and click Edit Identity Provider Data.
  5. For the Zingtree Entity ID, use the Okta Identity Provider Issuer.
  6. For the Zingtree Login URL, use the Okta Identity Provider Single Sign-On URL.
  7. Copy the Okta certificate into the Zingtree certificate field.
  8. Make sure Enable access restrictions on specified trees is checked in Zingtree.
  9. Click Save Identity Provider Settings.
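Steps 5 to 7 are manual copy and paste, so a swapped field or a truncated certificate is the usual reason the test fails. The following is an added example, not part of Zingtree or Okta: it reads IdP metadata XML and compares it with what was entered. It assumes you saved the metadata XML for the app from Okta; the function names, dictionary keys and sample data are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_fingerprint(text):
    """SHA-256 of the certificate's DER bytes; PEM armor and line wrapping are ignored."""
    lines = [ln.strip() for ln in text.splitlines()]
    b64 = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
    return hashlib.sha256(base64.b64decode(b64, validate=True)).hexdigest()

def idp_values(metadata_xml):
    """Extract the three values steps 5-7 copy. Parse only metadata you downloaded yourself."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = idp.find("md:SingleSignOnService", NS)
    cert = idp.find(".//ds:X509Certificate", NS)
    return {"entity_id": root.get("entityID"), "login_url": sso.get("Location"),
            "cert_sha256": cert_fingerprint(cert.text)}

def check_entered(idp, entered):
    """Compare the values typed into the service provider form with the IdP's own."""
    problems = []
    if entered["entity_id"].strip() != idp["entity_id"]:
        problems.append("Entity ID differs from the Identity Provider Issuer")
    if entered["login_url"].strip() != idp["login_url"]:
        problems.append("Login URL differs from the Identity Provider Single Sign-On URL")
    if not entered["login_url"].strip().lower().startswith("https://"):
        problems.append("Login URL is not https")
    try:
        if cert_fingerprint(entered["certificate"]) != idp["cert_sha256"]:
            problems.append("certificate does not match the IdP signing certificate")
    except ValueError:  # binascii.Error is a ValueError: bad or incomplete base64
        problems.append("certificate field is not valid base64 (truncated paste?)")
    return problems

# Constructed sample data: placeholder identifiers and bytes, not a real certificate.
SAMPLE_CERT = base64.b64encode(b"constructed bytes standing in for DER " * 8).decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/zingtree/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

An empty list from `check_entered` means the three fields match the metadata; comparing the certificate by fingerprint makes the check independent of PEM headers and line wrapping.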

Testing Your SSO Setup

Once you’ve set up your Identity Provider and Zingtree for SSO, you can test from Zingtree as follows:

  1. In Zingtree, go to Account, Single Sign-on.
  2. Click the orange Test Setup button at the lower right of the page.

From here, you can test logging into Okta from Zingtree.  If you’re already logged in, the test will just return your email or other identifier from Okta.  If you’re not yet logged in, Okta’s login screen will appear, and then you will be returned to the Zingtree SSO test page after logging in.

Enabling SSO on Your Trees

Once SSO is working properly from your test, you can restrict access to any tree as follows:

  1. Go to My Trees, and select the tree that you want to require SSO login.
  2. Click the Settings tool.
  3. Check Require Single Sign-on (SSO) Login to Access.
  4. Click Update Settings.

This process has been tested, but if you’re having trouble getting Okta and Zingtree working together, please let us know!
