Requirements

  • Your organization uses Okta for authentication.
  • You have an Admin role.

Just-in-Time (JIT) Provision

With SAML integration, once a user is created on your end (optionally included in a group that has access to Kubit), that user can log in to Kubit immediately. The user profile information is also updated automatically at every login.

When a user is deleted/deactivated on your end, they will lose access to Kubit immediately too. There is no offline communication required.

Configure SAML application

  1. Navigate to the Okta admin portal.

  2. Click on Applications under the Applications tab.

  3. On the Applications screen click the Create App Integration button.

  4. On the Create a new app integration screen select SAML 2.0.

  5. In step 1. General Settings, use Kubit SAML as the App name.
    Download the Kubit logo from the provided Logo URL and upload it as the App logo.
    Check Do not display application icon to users.

  6. In the next step, 2. Configure SAML, use the provided ACS URL as the Single sign-on URL and the Entity ID as the Audience URI (SP Entity ID).

  7. On the same screen map Attribute Statements as follows:

    Name          Value
    email         user.email
    name          String.join(" ", user.firstName, user.lastName)
    given_name    user.firstName
    family_name   user.lastName
    picture       user.profileUrl


  8. (Optional) On the same screen map Group Attribute Statements as follows:

    📘

    Roles and Permissions

    You can manage permissions on the Kubit platform using your IdP groups by mapping the groups attribute. This step is mandatory for utilizing groups for permission management within the Kubit platform.

    Name      Filter
    groups    Matches regex: (group1|group2|group3)


  9. You can skip the next screen 3. Feedback.

  10. Once the app is created, copy the Metadata URL and share it with the Kubit Team.


  1. Navigate back to the Applications screen.

  2. Click on Browse App Catalog and search for Bookmark App. While on the Bookmark App page click the + Add Integration button.


  3. On the Add Bookmark App screen use Kubit as Application label. Use the provided Login URL as URL. Leave Do not display application icon to users unchecked.

  4. Once the Bookmark App is created download the Kubit logo from the provided Logo URL and upload it.

Test

Once configured properly on both sides, please work with the Kubit Team to test the integration. You will be provided a test URL.

Open Access

📘

Assignments

Make sure to assign groups to both Kubit SAML and Kubit apps.

Assign Kubit App to specific users
