Authentication with Okta and SAML2

PoliteMail User Authentication with SAML2 and Okta

  1. In the Okta Admin Console, open the Applications tab, then the Get Started tab, and click the 'Create New App' button.  The 'Create a New Application Integration' window appears.
  2. Select 'Web' from the Platform drop-down menu, select the SAML 2.0 radio button, then click 'Create'.  You are taken to the application wizard.
  3. The Application Wizard has three steps: General Settings, Configure SAML, and Feedback.
    1. For General Settings:
      • Set the Application Name to 'PoliteMail SAML' for easy reference.
      • Select both App visibility options, then click 'Next'.
    2. For the Configure SAML step:
      • Single Sign On URL: https://[YourPoliteMailHostname]/ssv3/Saml2/Acs.
      • Use this for Recipient URL and Destination URL: Checked
      • Audience URI (SP Entity ID): https://[YourPoliteMailHostname]
      • Set Name ID format: EmailAddress
      • Application username: Email
      • Update application username on: Create and update
    3. Click 'Show Advanced Settings'.
      • Response: Signed
      • Assertion Signature: Signed
      • Signature Algorithm: RSA-SHA256
      • Digest Algorithm: SHA256
      • Assertion Encryption: Unencrypted (the assertion is signed, not encrypted; it is protected in transit by TLS on the Single Sign On URL)
      • Enable Single Logout: Unchecked
      • Assertion Inline Hook: None (disabled)
      • Authentication context class: Password
      • Honor Force Authentication: Yes
      • SAML Issuer ID: leave at Okta's default, http://www.okta.com/${org.externalKey}
    4. Download the Okta Certificate and place it on the PoliteMail server.  This is the certificate the PoliteMail server uses to verify the signatures on the Response and Assertion, so it must be the one shown for this application, not a certificate from another Okta app.
    5. Attribute Statements (one row per claim):

       Name                                                                Name Format    Value
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress  URI Reference  user.email
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname     URI Reference  user.firstName
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname       URI Reference  user.lastName

    6. Group Attribute Statements:

       Name                                                          Name Format    Filter
       http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role    URI Reference  Starts with: PoliteMail

    7. Create four directory groups in Okta for PoliteMail: PoliteMailSystemAdministrator, PoliteMailAdministrators, PoliteMailManager, and PoliteMailUser.  These names are mapped to roles on the PoliteMail server, so use them exactly as written.  Because the role filter sends every group whose name starts with 'PoliteMail', avoid creating other groups with that prefix.
    8. The third step of the wizard is Feedback.  Fill out those fields as they apply to your organization, and click 'Finish' when completed.

    After you click 'Finish', you will be redirected to the Settings page. 

Click 'View Setup Instructions'.  This takes you to the Okta configuration page, which displays the IDP SSO URL, the IDP Issuer (Entity ID), and the X.509 Certificate.  Send all three of these items to PoliteMail Support.  The X.509 certificate is the public signing certificate, so it is safe to send; no private key is involved.
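To confirm that Okta is actually emitting what the settings above ask for, the following Python script, added here as an example and not PoliteMail's or Okta's code, parses a SAMLResponse captured from the browser's POST to the Single Sign On URL and lists every field that does not match: RSA-SHA256/SHA256 signatures on both the Response and the Assertion, no encrypted assertion, Destination and Recipient equal to the ACS URL, Audience equal to the SP Entity ID, an emailAddress NameID, the three identity claims in URI Reference format, and role values that start with PoliteMail and name one of the four groups.  The hostname politemail.example.com, the user, the Okta org key, and the SAML XML itself are constructed placeholders.  It does not verify the XML signatures against the downloaded certificate; that is the PoliteMail server's job, and this check only tells you the IdP side was configured as intended.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
ROLE_PREFIX = "PoliteMail"
KNOWN_ROLES = {"PoliteMailSystemAdministrator", "PoliteMailAdministrators",
               "PoliteMailManager", "PoliteMailUser"}

# Constructed sample (not a real capture): the shape Okta produces with the settings
# above, with an assumed hostname and a placeholder org key. Signature bodies are
# omitted; only the algorithm identifiers are present because that is what is checked.
SAMPLE_HOST = "https://politemail.example.com"  # assumed PoliteMail hostname
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_r1" Destination="{SAMPLE_HOST}/ssv3/Saml2/Acs">
  <saml:Issuer>http://www.okta.com/exk00000000000000000</saml:Issuer>
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
    <ds:Reference URI="#_r1"><ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <saml:Assertion ID="_a1">
    <saml:Issuer>http://www.okta.com/exk00000000000000000</saml:Issuer>
    <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
      <ds:Reference URI="#_a1"><ds:DigestMethod Algorithm="{SHA256}"/></ds:Reference>
    </ds:SignedInfo></ds:Signature>
    <saml:Subject>
      <saml:NameID Format="{EMAIL_NAMEID}">jane.doe@example.com</saml:NameID>
      <saml:SubjectConfirmation><saml:SubjectConfirmationData
        Recipient="{SAMPLE_HOST}/ssv3/Saml2/Acs"/></saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SAMPLE_HOST}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIMS}emailaddress" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}givenname" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}surname" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}role" NameFormat="{URI_FORMAT}">
        <saml:AttributeValue>PoliteMailUser</saml:AttributeValue>
        <saml:AttributeValue>PoliteMailManager</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def decode_saml_response(form_value: str) -> str:
    """Decode the base64 SAMLResponse form field the browser POSTs to the ACS URL."""
    return base64.b64decode(form_value).decode("utf-8")


def _signature_ok(parent) -> bool:
    """True if the element carries a Signature using RSA-SHA256 and a SHA256 digest."""
    sig = parent.find("ds:Signature", NS)
    if sig is None:
        return False
    sm = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    dm = sig.find("ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    return (sm is not None and sm.get("Algorithm") == RSA_SHA256
            and dm is not None and dm.get("Algorithm") == SHA256)


def check_saml_response(xml_text: str, acs_url: str, entity_id: str) -> list:
    """Return the list of mismatches between the response and the expected settings.

    An empty list means every field this reads matches. XML signatures are NOT
    cryptographically verified here; the server must do that with the Okta certificate.
    """
    findings = []
    resp = ET.fromstring(xml_text)
    if not _signature_ok(resp):
        findings.append("Response is not signed with RSA-SHA256/SHA256")
    if resp.get("Destination") != acs_url:
        findings.append(f"Destination {resp.get('Destination')!r} != ACS URL")
    if resp.find("saml:EncryptedAssertion", NS) is not None:
        findings.append("Assertion is encrypted; an unencrypted assertion is expected")
    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        findings.append("no plaintext Assertion present")
        return findings
    if not _signature_ok(assertion):
        findings.append("Assertion is not signed with RSA-SHA256/SHA256")
    r_issuer = resp.findtext("saml:Issuer", namespaces=NS)
    a_issuer = assertion.findtext("saml:Issuer", namespaces=NS)
    if not r_issuer or r_issuer != a_issuer:
        findings.append("Response and Assertion Issuer differ or are missing")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_NAMEID:
        findings.append("NameID format is not emailAddress")
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        findings.append("SubjectConfirmationData Recipient != ACS URL")
    audience = assertion.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    if audience != entity_id:
        findings.append(f"Audience {audience!r} != SP Entity ID")
    attrs = {}
    for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if a.get("NameFormat") != URI_FORMAT:
            findings.append(f"attribute {a.get('Name')} is not URI Reference format")
        attrs[a.get("Name")] = [v.text for v in a.findall("saml:AttributeValue", NS)]
    for claim in ("emailaddress", "givenname", "surname", "role"):
        if CLAIMS + claim not in attrs:
            findings.append(f"missing attribute statement {CLAIMS + claim}")
    for role in attrs.get(CLAIMS + "role", []):
        if not role.startswith(ROLE_PREFIX):
            findings.append(f"role {role!r} does not start with {ROLE_PREFIX}")
        elif role not in KNOWN_ROLES:
            findings.append(f"role {role!r} is not one of the four PoliteMail groups")
    if name_id is not None and attrs.get(CLAIMS + "emailaddress", [None])[0] != name_id.text:
        findings.append("NameID does not match the emailaddress attribute")
    return findings


if __name__ == "__main__":
    acs = SAMPLE_HOST + "/ssv3/Saml2/Acs"
    print(check_saml_response(SAMPLE_RESPONSE, acs, SAMPLE_HOST) or "all settings match")
```

To run it against a real login, copy the SAMLResponse form field from the browser's POST to /ssv3/Saml2/Acs, pass it through decode_saml_response, and call check_saml_response with your own hostname.  A non-empty list after a settings change usually means the Okta app was saved with a different signing or attribute option than the one in this article, and a role value that is not one of the four groups means a user is in an extra PoliteMail-prefixed group that the server will not map.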