1. Create and configure the application within Okta
Create the application
1. Navigate to your Okta admin panel > Applications > Applications
2. Click `Create App Integration` and select `SAML 2.0`
3. The general settings you're presented with are for how the app will be shown to users within Okta, it's recommended to set this to `ISMS.online`. Here is an image you can use for the app logo if you'd like to.
4. Click `Next`
Configuring SAML
By the end of this guide, your platform URL will be updated to use a unique subdomain e.g. https://company.isms.online/. Most organisations tend to stick with their company name, once you have decided on what you would like this to be - please add the following to the General settings area:
- Single sign on URL:
- https://<SUBDOMAIN>.isms.online/sso/saml2
- Audience URI (SP Entity ID):
- https://<SUBDOMAIN>.isms.online/sso/saml2/sp
- Name ID format:
- Persistent
- Application username:
Now that Okta can point to ISMS.online, we need to specify what information (about a user) should be passed within the SAML request. Under `Attribute Statements (optional)`, please enter the following:
| Name | Value |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.lastName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
You can leave all of the Name format columns as `Unspecified`. Head to the bottom of the page and click `Next`. Select `I'm an Okta customer adding an internal app` and click `Finish`.
2. Sharing information with us
After completing Step 1, you should be taken to the `Sign On` page of the app you've just created. On the right-hand side under `SAML Setup` click the button that reads `View SAML setup instructions`.
All 3 pieces of information on this page will need to be sent to support@isms.online in order to finalise the connection on our end. The certificate thumbprint as it's presented on that page is what we specifically need, however if you would prefer a more secure approach - feel free to download the certificate and share it to us using whatever method is most comfortable for you.
3. Assigning users to the application
Now that we've completed all the work to establish the connection, you'll need to grant your users the right to sign in using Okta to access ISMS.online. This can be done by:
1. Navigating to the `Assignments` tab in your ISMS.online application in Okta
2. Click the blue `Assign` button and select `Assign to People
3. Assign yourself along with any other users/groups you wish to add. We have a guide on New User Templates which could benefit you if you're looking to bring more users into the platform.
4. Accessing ISMS.online via SSO
You'll soon hear from us to confirm that SSO has been enabled for your environment. Once you've received our confirmation email, any user specified in the `Assignments` tab will be able to access the platform by clicking the new `Sign in via SSO` button that will be found on your new login page:
https://<ORGANISATION>.isms.online
This new login page will replace the generic `platform.isms.online` URL and be unique to your organisation. Any users from your organisation that attempt to sign in using email and password will be redirected there.
- Users can continue to sign in via traditional email and password until they are ready to upgrade, once a user signs in via SSO it will be required for every future login
- New users can still be created through ISMS.online (see guide), but if they are registered in your IdP then the platform will automatically generate a user for them. This can be used in conjunction with New User Templates to ensure new user access is easy and efficient
If you have any further questions following the completion of your setup, please don’t hesitate to contact the ISMS.online support team at support@isms.online
