Skip to main content

Integrate with Okta (SAML)

Stopino
  • Updated

Users with the Manage Users and Permissions user permission can set up single sign-on with Okta. This integration creates accounts as users log in the first time.

This is a three-step process:

  1. In Okta, add a new SAML application.
  2. In Facilities Drawings, set up the integration.
  3. In Facilities Drawings, set default roles for users who log in via Okta.
Important: Because of the technical knowledge required, your district's IT administrator will most likely need to perform this procedure.

Step 1: In Okta, add a new SAML application

A few things to take note of while setting up the SAML application:

  • Fields are case sensitive.
  • Enter a unique App Name to correspond with Facilities Drawings.

  • For SAML Settings, set up the single sign-on URL.

    Note: Enter https://XXXXX.mldrawings.com/MLSAMLConnect.aspx. Replace “XXXXX” with your custom subdomain.
  • Be sure to select the Use this for Recipient URL and Destination URL checkboxes.
  • For the Application username, select Okta username.
  • In Attribute Statements, you need to match the text exactly as follows: 
    • FirstName 
      Value: user.firstName
    • LastName 
      Value: user.lastName
    • Email
      user.email
    • ExternalId
      user.employeeNumber 
  • In Group Attribute Statements, select the groups you will pass to Drawings. This will then automatically assign users role(s) in Drawings.
  • Select I'm an Okta customer adding an internal app.
  • Download the SAML signing certificate to copy into Drawings.
Note: Okta’s interface and field names may have changed since this was written. Use these steps as a general guide, and select the closest matching options in your Okta portal.

Step 2: In Facilities Drawings, set up the integration

  1. In Facilities Drawings, select Admin > Single Sign On > SAML Configuration. The SAML Integration Admin page appears.
    SAML Integration Admin page.

  2. Next to Okta, click . A pop-up appears.

    SAML Okta integration pop-up.

  3. Do the following:

    1. Under Issuer, enter the desired URL.

      Note: You get this info from Okta.
    2. Enter the Login Link, if desired.

    3. Under Certificate, enter the certificate.

      Note: You download this from Okta.
  4. Click Save.

Step 3: In Facilities Drawings, set default roles for users who log in via Okta

Note: You can create as many SAML groups as you want. When a user first logs in, they are assigned the role based on the group they belong to. You can also manage additional roles in Drawings, but cannot remove these default roles.
  1. Select Admin > Single Sign On > SAML Group Settings. The Manage SAML Groups page appears.

  1. Click +Add SAML Group. A pop-up appears.

    SAML Group Settings pop-up.

  1. Do any of the following:

    1. Enter a Group Name.

      Note: This will be the Object ID established in Okta.
    2. Select the desired Roles.

    3. Select the desired Systems.

      Note: To select All Systems, select the checkbox.

    4. Select the desired Asset Types.

      Note: To select All Asset Types, select the checkbox.
  1. Click Save.
  2. Repeat steps 2-4 for each group you want to add.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk