Implementing SAML with Okta


One of the SAML providers you can use is Okta (https://www.okta.com).

In order to get started with Okta SAML, you will need:

  • An Okta account with admin permissions
  • All users provisioned in Okta with the exact same email address as their Hudu account. We don't create new user accounts with SSO.

Configuring Okta

  1. Inside Okta, navigate to the Applications screen and add a new application.
  2. Click "Create New App".
  3. When the modal pops up, select SAML 2.0, and then click "Create".
  4. On the next screen, give the Application a name.
  5. In Configure SAML, fill in the following fields:
    • Single sign on URL: Enter the URL of your Hudu instance followed by /saml/consume
    • Audience URI: Enter the URL of your Hudu instance
    • Name ID format: Choose EmailAddress
    • Application username: Choose Email
  6. Click "Show Advanced Settings" and fill out the following fields:
  7. Click Next.
  8. Now, choose:
    1. I'm an Okta customer adding an internal app
    2. This is an internal app that we have created
  9. Then click Finish
  10. On the next screen, click View Setup Instructions.
  11. Keep the setup instructions open as you fill out the info in Hudu.

 

Configuring the Fingerprint

  1. In order to get the fingerprint, go to https://developers.onelogin.com/saml/online-tools/x509-certs/calculate-fingerprint.
  2. Paste in the certificate from the Setup Instructions.
  3. Use sha1 as the algorithm.
  4. Copy the fingerprint. It should look like: 
    b909502ee82ae32433e6f83886b11d4277a32a7a
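
The same fingerprint can be computed locally instead of through the online tool. The following is an added example, not part of the Hudu or Okta documentation: it takes the certificate text from the Setup Instructions, produces the SHA-1 fingerprint in the lowercase, colon-free form shown above, and re-emits the certificate without stray whitespace. The function names are illustrative, and the sample certificate is constructed stand-in data rather than a real Okta certificate.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def pem_to_der(pem_text):
    """DER bytes of the first certificate; BEGIN/END lines are optional."""
    match = PEM_RE.search(pem_text)
    body = re.sub(r"\s+", "", match.group(1) if match else pem_text)
    if not body:
        raise ValueError("no certificate data found")
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid base64: {exc}") from exc


def fingerprint(pem_text, algorithm="sha1"):
    """Lowercase hex digest of the DER bytes, without colons."""
    return hashlib.new(algorithm, pem_to_der(pem_text)).hexdigest()


def normalize_fingerprint(value):
    """Reduce 'B9:09:50:...' or 'b9 09 50 ...' to plain lowercase hex."""
    return re.sub(r"[:\s]", "", value).lower()


def clean_pem(pem_text):
    """Re-wrap at 64 columns with LF endings and no trailing whitespace."""
    b64 = base64.b64encode(pem_to_der(pem_text)).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(
        ["-----BEGIN CERTIFICATE-----", *rows, "-----END CERTIFICATE-----"])


# Constructed stand-in bytes, NOT a real certificate: the fingerprint is a
# digest of the decoded bytes, so any payload exercises the same code path.
SAMPLE_DER = bytes(range(256)) * 3
_b64 = base64.b64encode(SAMPLE_DER).decode("ascii")
# Simulates a messy paste: CRLF line endings and trailing spaces/newlines.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + "\r\n".join(_b64[i:i + 64] for i in range(0, len(_b64), 64))
              + "\r\n-----END CERTIFICATE-----  \n\n")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM))  # value for the SAML Fingerprint field
    print(clean_pem(SAMPLE_PEM))    # text for the SAML Certificate field
```

To use it with your own tenant, replace SAMPLE_PEM with the certificate text copied from the Okta Setup Instructions.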

Configuring Hudu

The final step is configuring Hudu so you can utilize SSO.

  1. Log in to Hudu and click the Admin cog on the sidebar.
  2. Click General.
  3. Click "Enable Single Sign-On".
  4. Enter the details you found in the previous steps into the form.
    • Copy the Okta Identity Provider Issuer and paste it into the SAML Issuer URL.
    • Copy the Okta Identity Provider Single Sign-On URL and paste it into the SAML Login Endpoint and SAML Logout Endpoint.
    • Copy the fingerprint you generated above and paste it into the SAML Fingerprint field.
    • Copy the certificate and paste it into the SAML Certificate field. Make sure there is no trailing whitespace at the end!
  5. Click "Enable Single Sign-On".
  6. Hit "Update SAML Details" and SAML should now be activated.

Testing SAML

Open an incognito window and try to access Hudu. You should be redirected to the login page, where you will see a "Use Single Sign On (SSO)" button. If you are able to log in successfully via this button, your SAML is working!

Disabling password access for non-administrators

You have the option to disable password logins for non-administrators (users that are not super admins or admins). Click "Disable Password Access for non-Admins" and all users below admin will have to use single sign-on.

 

 
