You can use Okta as your identity provider to authenticate users to MadKudu. MadKudu supports SAML SSO initiated from both Okta (identity provider) and MadKudu (service provider).
- Your company is on an Enterprise plan with MadKudu
- You have a MadKudu account with Admin permissions
- You have your MadKudu tenant number
- Your company has an existing Okta account to set up SAML SSO
- You have Admin permissions of your company's Okta account
Single sign-on allows you to log in to your company's MadKudu account using your Okta company credentials. A connection is made between Okta, the identity provider (idP), and MadKudu, the service provider (SP), to allow users to directly connect to their MadKudu account.
Once you configured your company Okta account with MadKudu, you can follow these instructions to manage users.
1. Add the MadKudu custom app to Okta
- In Okta console, go to Applications.
- Click Add Application.
Click Create New app.
- Platform: Web
- Sign on method: SAML 2.0
Click Create. This will take you to the General Settings page.
- App Name: You can give the app the name of your choice, something that will identify this as the MadKudu app for you on the Okta side, eg. MadKudu.
- (Optional) App logo: Upload the MadKudu logo if desired
- (Optional) App visibility: Check these options if you don’t want to show the MadKudu custom app to show to your users in Okta.
Click Next. This will take you to the Configure SAML page.
- Single sign on URL: https://bongo.madkudu.com/v1/login/saml/XXXX, where XXXX is your tenant number which can be provided to you firstname.lastname@example.org
- Check Use this for Recipient URL and Destination URL
- Leave Allow this app to request other SSO URLs unchecked
- Audience URI (SP Entity ID): https://bongo.madkudu.com/v1/login/saml/XXXX, where XXXX is your tenant number which can be provided to you email@example.com
- Default RelayState: Leave blank.
- Name ID Format: Select EmailAddress.
- Application username: Select Okta username.
- Click Show Advanced Settings.
- Response: Choose Signed.
- Assertion Signature: Choose Unsigned.
- Signature Algorithm: Choose RSA-SHA256.
- Digest Algorithm: Choose SHA256.
- Assertion Encryption: Leave as Unencrypted.
- Enable Single Signout: Leave unchecked.
- Authentication context class: Choose PasswordProtectedTransport.
- Honor Force Authentication: Choose Yes.
- SAML Issuer ID: Leave blank.
Preview the SAML Assertion: You can click to preview the SAML assertion.
This will take you to the Okta feedback page. Enter your feedback if desired and click Next.
2. Set up Okta in the MadKudu app
Now that you have set up MadKudu in Okta, you will need to set up Okta in MadKudu for the two applications to create a trusted relationship with each other to allow communication.
You will need to provide MadKudu the Okta's Identity Provider URL automatically generated in Okta following these instructions.
- In Okta Console, go to Applications.
- Click on the MadKudu app you have just created.
- Click the Sign On tab.
- Click View Setup Instructions to review Okta setup instructions to configure SAML 2.0 for MadKudu.
- Keep this page open, you'll need to copy the URLs and certificate and paste them in MadKudu App.
Open a new page to go to MadKudu App (app.madkudu.com),
Go to Settings
Click on the Authentication tab
Select Okta in the Enforce SSO picklist
Paste in the form the
Identity Provider Single Sign-On URL
Identity Provider Issuer
Nice! Now MadKudu will be able to recognize your Okta account.
Now you need to assign users to the MadKudu app both in Okta and in MadKudu. Please follow both steps here