Configuring SAML 2.0 SSO with Okta as iDP in Recruitment Marketing

Required Setup

Within Okta

  • Create a SAML 2.0 Application Integration.
  • Configure your SAML Settings with these required fields:
    • Single sign-on URL: Within Recruitment Marketing, copy the value from Organisation > Settings > SAML > Assertion Consumer Service URL.
    • Audience URI (SP Entity ID): Set this to the full domain name of your new website (e.g. careers.company.com), with no protocol.
    • Name ID format: EmailAddress
    • Attribute Statements
      • first_name: user.firstName
      • last_name: user.lastName

Okta SAML settings screenshot

  • Save the settings.
  • Navigate to SAML Signing Certificates and view the IdP metadata for the active certificate.

Screenshot of SAML Signing Certificates UI

  • Copy the URL from your browser. This is the IdP metadata URL, and it will be required in the Recruitment Marketing SAML Settings.
  • Finally, in Okta, you must assign users to the application from the Assignments tab.

Within Recruitment Marketing

  • Navigate to Organisation > Settings > SAML > Edit ✎
  • Configure your Recruitment Marketing SAML Settings with these required fields:
    • Sync settings from iDP Metadata.
    • iDP Metadata URL: Copy the value from Okta.
    • SP Entity ID (Issuer): This must match the Okta Audience URI (SP Entity ID), which we suggest setting to the full domain name of your new website (e.g. careers.company.com), with no protocol.
  • Save the settings, which will return you to the SAML overview.
  • Click Sync settings from iDP Metadata. This will configure the SAML settings.
  • To sign in using SAML, copy the iDP SSO Target URL and sign in using your Okta credentials.

Note: For a user to sign in successfully, a user must already exist in Recruitment Marketing with that email address. Alternatively, the "Enable provisioning of users from IdP" checkbox should be checked in Recruitment Marketing > Organisation > Settings > SAML > Edit ✎

Optional Setup

Syncing user roles from Okta

  • Within Okta navigate to Directory > Profile Editor.
  • Within the Okta User (first in list), click Edit Profile.
  • Click Add Attribute
  • Complete the following:
    • Display Name - for example: PageUp Roles
    • Variable name - for example: pageup_roles
      Note: the "user." prefix will be added by Okta after saving.
    • Description - for example: PageUp Roles
    • Data type - string_array
    • Attribute required - leave unchecked
    • User permission - leave the default Read Only
  • Navigate to Okta's directory entry for the person who is attempting to log in.
  • Edit their profile and add a new PageUp Role to their profile. For testing purposes, you can add “organisation_admin” as a single entry. For a full list of the available roles see: Configuring SAML 2.0 for Recruitment Marketing users
  • Navigate to the Recruitment Marketing SAML 2.0 Application Integration.
  • Edit your Okta SAML Settings to include the roles:
    • Add a new Attribute Statement
      • roles - user.pageup_roles
  • Within Recruitment Marketing navigate to Organisation > Settings > SAML > Edit ✎
  • Enable syncing user roles/permissions from iDP - click to enable
