Dynamic Signal customers using Okta as their SSO solution can use the Dynamic Signal app from the Okta Application Network (OAN) for a simpler, standards-based SSO integration. You can set up your Okta SSO and test it using the following procedures.
- Set Up your Dynamic Signal App for Okta SSO
- Test your Okta SSO Integration
Set Up your Dynamic Signal App for Okta SSO
1. Log on to your Okta Org as an Admin.
2. Go to Admin > Applications and click Add Application.
3. In the Add Application page, search for the Dynamic Signal app and click Add.
4. To configure your app, enter your Community URL in the Base URL field and click Done.
5. Click the Sign On tab to open the Sign On page.
6. In the Sign On page, click Identity Provider metadata.
7. This link contains the IdP metadata required to complete your setup. Copy your Identity Provider Certificate and Identity Provider Service URL (the link after Location).
8. Log on to your Dynamic Signal Community as a Global Manager and go to Admin > Registration > Single Sign-On.
9. In the Identity Provider Certificate box of the Single Sign-On page, paste your Identity Provider Certificate from Step 7.
10. In the Identity Provider Service URL box, paste your URL from Step 7 and click Save.
11. In the Attribute Map region, enter the exact Identity Provider settings for your Email, FirstName, and LastName.
12. Select the Enable SSO checkbox and click Save.
Your Okta SSO Integration is now complete!
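The two values copied from the Identity Provider metadata in the procedure above can be pulled out and sanity-checked with a short script. This is an added example, not Dynamic Signal or Okta code: the sample metadata, its URL and its certificate bytes are constructed placeholders, and `read_idp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed placeholder bytes, not a real certificate.
FAKE_DER = b"constructed placeholder, not a real certificate"
# Constructed sample metadata; entityID and Location are placeholders.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data><ds:X509Certificate>
        {base64.b64encode(FAKE_DER).decode()}
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                            Location="https://example.okta.com/app/example/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def read_idp_metadata(xml_text):
    """Return the signing certificate, its SHA-256 fingerprint and the SSO URL."""
    idp = ET.fromstring(xml_text).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    key = idp.find("md:KeyDescriptor[@use='signing']", NS)
    cert = key.find(".//ds:X509Certificate", NS) if key is not None else None
    sso = idp.find("md:SingleSignOnService", NS)
    if cert is None or sso is None:
        raise ValueError("metadata lacks a signing certificate or SSO endpoint")
    # Metadata wraps the base64 across lines; join it before pasting or hashing.
    cert_b64 = "".join((cert.text or "").split())
    der = base64.b64decode(cert_b64, validate=True)
    url = sso.get("Location", "")
    # The service URL receives authentication requests, so refuse plain HTTP.
    if urlsplit(url).scheme != "https":
        raise ValueError(f"SSO URL is not HTTPS: {url!r}")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return {"certificate": cert_b64, "fingerprint_sha256": fingerprint, "sso_url": url}


if __name__ == "__main__":
    for field, value in read_idp_metadata(SAMPLE_METADATA).items():
        print(f"{field}: {value}")
```

Comparing the printed fingerprint with one obtained from the Okta admin over a separate channel confirms that the certificate pasted into the Single Sign-On page is the one the IdP actually signs with.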
Set Up Okta SSO with External SSO User ID
It is possible to configure Okta's SSO to map users via an External SSO User ID instead of an email address. To do this, follow the steps above, but add an attribute mapping in Okta, and configure the DySi platform in the manager app to read that attribute.
Okta Changes
In the Edit SAML Settings screen, add a mapping of user.login. In this example, it is mapped to "login". To get to this screen, click "Edit" on SAML Settings in Okta's General screen.
DySi Changes
In the SSO Settings page, first, adjust the "ID and Email Settings" to one of the "External SSO User ID ..." options. Second, in the attribute map, under the "External SSO User ID" field, add in the attribute map value from Okta above, which in this example is "login" (and not "user.login").
With these changes, SSO will work based on the SSO ID and not the email address (although it is advised that you continue to send email addresses if possible, because that improves platform engagement).