The following recommended configuration settings should be utilized when configuring administrative access to the StatusDashboard administration portal using Okta as the identity provider.
Okta Settings
In order to configure Okta to authenticate your administrative users against the StatusDashboard administration portal, login to your Okta account and create a new Okta app using the settings listed in the following table.
|
Okta Configuration Setting |
StatusDashboard Setting
|
|
Single Sign on URL |
Login to StatusDashboard, browse to Security > Single Sign-On > SAML SSO > Edit and look for the Assertion Consumer Service (ACS) field under Service Provider. Enter this value in the Okta configuration field and leave the option checked to "Use this for Recipient URL and Destination URL. |
|
Audience URI (SP Entity ID) |
Login to StatusDashboard, browse to Security > Single Sign-On > SAML SSO > Edit and look for the Entity ID / Issuer field under Service Provider. Enter this value in the Okta configuration field. |
|
Default RelayState |
Leave Blank |
|
Name ID format |
EmailAddress |
|
Application username |
|
|
Response |
Signed |
|
Assertion Signature |
Signed |
|
Signature Algorithm |
RSA-SHA256 |
|
Digest Algorithm |
SHA256 |
|
Assertion Encryption |
Unencrypted |
|
Enable Single Logout |
Disabled |
|
Authentication context class |
PasswordProtectedTransport |
|
Honor Force Authentication |
Yes |
|
SAML Issuer ID |
Leave Default Setting |
StatusDashboard Settings - Service Provider
In order to configure the StatusDashboard Service Provider settings, login to StatusDashboard and browse to Security > Single Sign-On > SAML SSO > Edit. Configuration settings are listed in the following table and should be entered in the Service Provider section of StatusDashboard:
|
Configuration Setting |
Instructions |
Notes |
|
Sign AuthN Request |
Enabled |
|
|
Sign Logout Request |
Enabled |
|
|
Sign Logout Response |
Enabled |
|
|
Sign Metadata |
Enabled
|
This option can be set either way and is not dependent on the Okta configuration. |
|
Signature Algorithm |
rsa-sha1 |
Can be set to any signature algorithm. |
|
Digest Algorithm |
sha1 |
Can be set to any digest algorithm. |
|
Encrypt Name ID |
Disabled
|
|
|
Include Authentication Context |
Enabled |
StatusDashboard Settings - Identity Provider
In order to configure the StatusDashboard Identity Provider settings, login to StatusDashboard and browse to Security > Single Sign-On > SAML SSO > Edit.
You will need the following settings from your Okta app setup:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate.
Configuration settings are listed in the following table and should be entered in the Identity Provider (IdP) section of StatusDashboard:
|
Configuration Setting |
Instructions |
Notes |
|
Entity ID / Issuer |
Insert the Okta Identity Provider Issuer. |
|
|
Single Sign-On (SSO) Service URL |
Insert the Okta Identity Provider Single Sign-On URL. |
|
|
Single Logout Service (SLO) URL |
Not currently supported |
|
|
IdP Logout URL |
https://[Your Okta company name ].okta.com/login/signout |
When not using SLO, this URL will end the user's Okta session when logging out of StatusDashboard. Insert your Okta company name in the brackets. |
|
Logout Redirect URL |
[Insert redirect URL] |
Enter a URL where you want your users to end up after logging out. |
|
x509 Certificate |
[x509 cert in PEM format] |
Enter the Okta x.509 Certificate. |
|
Require Message Signature |
Enabled |
|
|
Require Assertion Signature |
Enabled |
|
|
Require NameID Encryption |
Disabled |