1. Create and configure the application within Okta
Create the application
1. Navigate to your Okta admin panel > Applications > Applications
2. Click `Create App Integration` and select `SAML 2.0`
3. The general settings you're presented with control how the app will be shown to users within Okta; it's recommended to set the app name to `ISMS.online`. Here is an image you can use for the app logo if you'd like.
4. Click `Next`
Configuring SAML
By the end of this guide, your platform URL will be updated to use a unique subdomain, e.g. https://company.isms.online/. Most organisations stick with their company name. Once you have decided what you would like this to be, please add the following to the General settings area:
If you have already set a custom subdomain, please use it for the `<SUBDOMAIN>` placeholder below.
- Single sign on URL:
  - https://<SUBDOMAIN>.isms.online/sso/saml2
- Audience URI (SP Entity ID):
  - https://<SUBDOMAIN>.isms.online/sso/saml2/sp
- Name ID format:
  - Persistent
- Application username:
For customers in the APAC region, please use the following settings:
- Single sign on URL:
  - https://<SUBDOMAIN>.r2.isms.online/sso/saml2
- Audience URI (SP Entity ID):
  - https://<SUBDOMAIN>.r2.isms.online/sso/saml2/sp
- Name ID format:
  - Persistent
- Application username:
For customers in the North American region, please use the following settings:
- Single sign on URL:
  - https://<SUBDOMAIN>.r3.isms.online/sso/saml2
- Audience URI (SP Entity ID):
  - https://<SUBDOMAIN>.r3.isms.online/sso/saml2/sp
- Name ID format:
  - Persistent
- Application username:
For customers in the European Union (EU) region please use the following settings:
- Single sign on URL:
  - https://<SUBDOMAIN>.r4.isms.online/sso/saml2
- Audience URI (SP Entity ID):
  - https://<SUBDOMAIN>.r4.isms.online/sso/saml2/sp
- Name ID format:
  - Persistent
- Application username:
Now that Okta can point to ISMS.online, we need to specify what information (about a user) should be passed within the SAML request. Under `Attribute Statements (optional)`, please enter the following:
| Name | Value |
| --- | --- |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.lastName |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email |
You can leave all of the Name format columns as `Unspecified`. Head to the bottom of the page and click `Next`. Select `I'm an Okta customer adding an internal app` and click `Finish`.
2. Sharing information with us
After completing Step 1, you should be taken to the `Sign On` page of the app you've just created. On the right-hand side under `SAML Setup` click the button that reads `View SAML setup instructions`.
What we need from you:
- The subdomain you used for the placeholders in the configuration section (if not already set on the platform)
  - If you have set a custom subdomain on the platform already, you should use the same details.
- The Entity ID
- The SSO target URL
- The security certificate in Base64 format
Please note, any requests should initially come from an Organisation Admin.
Once you have that, you can either email it to support@isms.online, or reach out to us via the live chat.
3. Assigning users to the application
Now that we've completed all the work to establish the connection, you'll need to grant your users the right to sign in using Okta to access ISMS.online. This can be done by:
1. Navigating to the `Assignments` tab in your ISMS.online application in Okta
2. Clicking the blue `Assign` button and selecting `Assign to People`
3. Assigning yourself along with any other users/groups you wish to add. We have a guide on New User Templates which could benefit you if you're looking to bring more users into the platform.
4. Accessing ISMS.online via SSO
You'll soon hear from us to confirm that SSO has been enabled for your environment. Once you've received our confirmation email, any user specified in the `Assignments` tab will be able to access the platform by clicking the new `Sign in via SSO` button that will be found on your new login page:
https://<ORGANISATION>.isms.online
This new login page will replace the generic `platform.isms.online` URL and be unique to your organisation. Any users from your organisation that attempt to sign in using email and password will be redirected there.
- Users can continue to sign in via traditional email and password until they are ready to upgrade. Once a user signs in via SSO, it will be required for every future login.
- New users can still be created through ISMS.online (see guide), but if they are registered in your IdP then the platform will automatically generate a user for them. This can be used in conjunction with New User Templates to ensure new user access is easy and efficient.
If you have any further questions following the completion of your setup, please don't hesitate to contact the ISMS.online support team at support@isms.online.