Loading ...

Okta SSO | Communifire Documentation

Home » communifire documentation » Wiki » Documentation » Login » Single Sign On (SSO) » Okta SSO
Communifire Documentation  Wiki
Public Space
Activity Stream Content
Version 12

Okta SSO

 /5
0 (0votes)
Okta / SAML Single sign-on is an add-on module for Communifire. To add this to your account, please contact our sales team. For more information, see the services and add-ons page.

Security Assertion Markup Language (SAML) is an XML standard that allows secure web domains to exchange user authentication and authorization data. Using SAML, an online service provider can contact a separate online identity provider to authenticate users who are trying to access secure content. SAML enables cross-domain single sign-on, allowing users to access other sites without the need for re-authentication. Communifire version 4.7 and above supports SAML 2.0.

Login Experience

On visiting your intranet, users will be re-directed to the Okta log in page.

Logging in with Communifire credentials

You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click Login via SAML to sign in using Okta credentials.

Mobile App Login Experience

In the mobile app, users will be re-directed to the Okta log in page after entering the site URL.

Logging in with Communifire credentials

You can allow users to log in using Communifire credentials. Set System Properties > EnableAutoLoginViaSaml to false. When this property is set to false, users will see the Communifire login page. Users can either log in with Communifire credentials or click SSO Login to sign in using Okta credentials.

Adding Users

A user is created in Communifire when the user logs in for the first time. You can add users to Communifire before they log in using the methods below.

Bulk import users

Pre-populate users before Okta setup or launch with Bulk Import Users . The Communifire usernames you create must match the usernames in Okta.

Add users

Add users in Control Panel > People > Manage People > Add User . The Communifire username you create must match the username in Okta.

REST API

You can use our REST API to import users - REST API: Add User , REST API: Update User Profile Fields .

Adding Communifire administrator accounts

If Communifire administrator accounts are created before Okta is set up and the Communifire usernames match Okta usernames, the administrator accounts will sync with the corresponding Okta accounts. If not, you will need to re-configure permissions for the admin Okta accounts and remove the previous Communifire administrator accounts.

Importing Data

Any data can be imported from Okta, as long as there are corresponding User Profile Fields in Communifire. Attribute mappings must be added to Control Panel > System > Single Sign On > Data Mapping > SAML. Enter the attribute name as the property name in Communifire. See the table below for common fields to import.

Name Value
Email user.email
GivenName user.firstName
Surname user.lastName
Company user.organization
Title user.title
Department user.department
streetAddress user.streetAddress
city user.city
state user.state
zipCode user.zipCode
countryCode * user.countryCode
TelephoneNumber user.mobilePhone or user.primaryPhone

* The country code in Okta must match country options in Communifire exactly.

You can also use our REST API to import user data into Communifire.

Syncing Data

User data is updated in Communifire every time a user logs in.

Disabled Users

When a user's assignment is removed in Okta, the user will be blocked from logging into Communifire using Okta.

The user's account will still be active in Communifire. You can Delete User and delete their content or re-assign their content to another user or to the system anonymous user. You can also Ban User , which will retain their content.

Setup Guide

Configure Okta SSO
  1. Set the display to Classic UI.
  2. Visit the Applications page. (/admin/apps/active)
  3. Click Add Application.
  4. Click Create New App.
  5. Select SAML 2.0.
  6. Click Create.
  7. Enter an App name.
  8. Upload an App logo. (Optional)
  9. Click Next.
  10. Enter the Single sign on URL. This is your intranet URL followed by /SAML/AssertionConsumerService.aspx. (e.g. https://myintranet.com/SAML/AssertionConsumerService.aspx 
    or https://myintranet.communifire.com/SAML/AssertionConsumerService.aspx)
  11. Enter your intranet URL in Audience URI.
  12. In the Attribute Statements section, add attributes to pull into Communifire.

    Basic attributes to add:
    Name Value
    Email user.email
    GivenName user.firstName
    Surname user.lastName
    Company user.organization
    Title user.title
    Department user.department
    streetAddress user.streetAddress
    city user.city
    state user.state
    zipCode user.zipCode
    countryCode user.countryCode
    TelephoneNumber user.mobilePhone or user.primaryPhone

    Example:
  13. Click Next.
  14. Select I'm an Okta customer adding an internal app.
  15. Click Finish.
  16. Click View Setup Instructions.
  17. Copy the Identity Provider Single Sign-On URL and save it for later.
  18. Copy the Identity Provider Issuer and save it for later.
  19. Download the X.509 Certificate.
  20. Click Assignments.
  21. Assign users or groups to the app.



Configure Communifire
  1. In Communifire, go to Control Panel > System > Single Sign On.



  2. Select SAML.
  3. Make the following changes to SAML Config:
    • ServiceProviderName: Enter your intranet URL.
    • AssertionConsumerServiceUrl: Enter your intranet URL followed by /SAML/AssertionConsumerService.aspx.
    • Below LocalCertificatePassword, add LocalCertificateFile="" 
    • PartnerIdentityProviderName: Enter the Identity Provider Issuer you copied.
    • SingleSignOnServiceUrl: Enter the Identity Provider Single Sign-On URL you copied.
    • SingleLogoutServiceUrl: Enter the Identity Provider Single Sign-On URL you copied.
    • PartnerCertificateFile: Change the file name from saml.cer to okta.cert.
      Example:
  4. Click Update.
  5. Click Data Mapping.
  6. Add attribute mappings. The Property Name should match the attribute name you entered in Attribute Statements in Okta.
    Example:
  7. Click Update.
  8. Click System Properties.
  9. Click Single Sign On Settings.
  10. Edit the SAMLCertificateFileName system property.
  11. Enter okta.cert.
  12. Click Save.
  13. Click System.
  14. Click Advanced System Utilities.
  15. Click Restart Site.

Submit Private Case

Submit a private case here to have our team upload your certificate file, upload our LocalCertificateFile, and set LocalCertificatePassword. Zip up your okta.cert file and attach it to the case.

Assign Users in Okta
  1. Click Assignments.
  2. Assign users or groups to the app.



Troubleshooting

Exception: "The partner identity provider http://www.okta.com/xxxxxxxx is not configured."

Go to Control Panel > System > Advanced System Utilities and click Restart Site.

Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to login. "InvalidPassword" in stack trace.

Go to Control Panel > System > General Settings > Advanced Settings. Set "Maximum length for password" to a value over 25.

Exception: "UserRepository.AddUserWithSAMLActiveDirectoryProperties Error" when a new user tries to login. "Failed" in stack trace.

Go to Control Panel > System > General Settings > Advanced Settings. Set "Minimum length for username" to a lower value. Set "Maximum length for username" to a higher value.

Comments (no comments yet)

Add a new comment

Wiki Index

Pages

Intranet Software