Okta: Manual Integration Using SAML

Product: HYPR Control Center, Okta
Applicable Version(s): HYPR v1 or 2, On-premises

This article provides a step-by-step introduction to configuring Okta to work with HYPR. In this guide, HYPR is set up as both a Security Assertion Markup Language (SAML) service provider (SP) and a SAML identity provider (IdP) for Okta.

The HYPR SAML-SP configuration allows users to authenticate with Okta into the HYPR Registration Portal.

The HYPR SAML-IdP configuration allows HYPR to act as a passwordless frontend for Okta. Users can authenticate with HYPR to get access directly into their Okta portal.

HYPR SP Configuration

  1. Log in to your Okta administration portal.

  2. Click Applications on the top menu, then click Add Application.

  3. On the Add Application screen, select Create New Application.

  4. In the dialog that pops up, drop down Platform and select Web; choose SAML 2.0 as the Sign on method. Click Create.

  5. The Create SAML Integration dialog displays with General Settings selected by default. Name your app, and optionally provide an App logo, which will display as an icon in the user's portal. When you are finished, click Next.

  6. On the Configure SAML tab, enter the HYPR Single Sign On URL. This will be your HYPR environment URL with /hyprsp/saml/SSO at the end. An example of this is https://example.hypr.com/hyprsp/saml/SSO. This is the URL that consumes SAML messages on the HYPR Service Provider. Provide the Audience URI/SP Entity ID. For HYPR this will be http://mock-sp. Leave all other options with their default settings. Click Next.

  7. Are you a customer or partner? Select I'm an Okta customer adding an internal app. Click Finish.

  8. Copy your Identity Provider metadata URL, and provide this to the HYPR team.

  9. Click View Setup Instructions on the next page.

  10. Copy the Identity Provider Single Sign-On URL and the X.509 Certificate and paste them into your HYPR SP configuration file. This file is provided by the HYPR deployment team. Your HYPR team can finish the HYPR SAML configuration with this information.
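
The values copied in steps 8 and 10 can be cross-checked before they are handed over: the Single Sign-On URL and certificate pasted into the SP configuration should both appear in the Identity Provider metadata. The following is an added example, not HYPR or Okta code; the function names, the sample metadata and its placeholder certificate bytes are constructed, and the pasted values are assumed to be available as plain strings.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample metadata. The certificate body is placeholder bytes, not a real cert.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.okta.com/EXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQt
REVSLUJZVEVT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/EXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def fingerprint(cert_text):
    """SHA-256 of the DER bytes; tolerates PEM armor lines and line wrapping."""
    body = "".join(ln.strip() for ln in cert_text.splitlines() if "-----" not in ln)
    der = base64.b64decode(body, validate=True)
    if not der:
        raise ValueError("empty certificate")
    return hashlib.sha256(der).hexdigest()


def idp_settings(metadata_xml):
    """Return (set of SSO URLs, set of signing-cert fingerprints) from IdP metadata."""
    idp = ET.fromstring(metadata_xml).find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    urls = {s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if not urls or any(not (u or "").startswith("https://") for u in urls):
        raise ValueError("SingleSignOnService missing or not served over HTTPS")
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    fps = {fingerprint(c.text or "")
           for k in idp.findall("md:KeyDescriptor", NS) if k.get("use") != "encryption"
           for c in k.findall(".//ds:X509Certificate", NS)}
    if not fps:
        raise ValueError("metadata carries no signing certificate")
    return urls, fps


def pasted_values_match(metadata_xml, pasted_sso_url, pasted_cert):
    """True only if both pasted values are present in the metadata."""
    urls, fps = idp_settings(metadata_xml)
    return pasted_sso_url.strip() in urls and fingerprint(pasted_cert) in fps
```

Comparing fingerprints rather than raw text avoids false mismatches caused by PEM headers or line wrapping introduced when the certificate is copied.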

HYPR Identity Provider (IdP) Configuration

  1. Log in to your Okta Service Portal.

  2. Open the Security drop-down menu and choose Identity Providers.

  3. Open Add Identity Provider and select Add SAML 2.0 IdP.

  4. In the General Settings section, add a Name. It can be any value, and is used following creation to identify the IdP.

  5. Under Authentication Settings, complete the fields as follows:

    • IdP Username: idpuser.subjectNameid
    • Match against: Okta Username
    • If no match is found: Redirect to the Okta login page

This video provides an overview of the HYPR and Okta integration: