Manually configuring Okta as a SAML provider can give some additional flexibility with your Okta integration compared to using the application. This guide will cover the basic Okta SAML setup, but further customisations can be made once SAML is configured.
Throughout this guide, you will need to interact back and forth with both Deskpro and Okta. We recommend having both configuration pages open in separate tabs as you will need to switch between them often.
In Deskpro
If you are configuring the SAML application for Agents, navigate to Admin > Agents > Auth & SSO.
If you are configuring the SAML application for Users, navigate to Admin > CRM > User Auth & SSO.
Scroll down to the bottom of the page, and add a new SAML Authentication application.
For the time being, enter placeholder into the Single Sign On URL field, then scroll to the bottom of the form and click Add.
Click Manage under the new SAML Authentication application you've created, then click Configuration Settings
Make a note of the SAML Details which have been generated by the application.
In Okta
Navigate to Applications > Applications, then click Create App Integration.
Select SAML 2.0 as the Sign-in method, and click Next.
Name your app and click Next.
Fill in the SAML Settings form with the following details:
Single sign-on URL - Consumer Service URL (ACS) from Deskpro SAML Details
Audience URI (SP Entity ID) - Metadata URL (Entity ID) from Deskpro SAML details
Name ID format - Email Address
Create the following Attribute Statements:
| Name | Name format | Value |
|---|---|---|
| name | unspecified | user.displayName |
| | unspecified | user.email |
| first_name | unspecified | user.firstName |
| last_name | unspecified | user.lastName |
(If the option does not exist in the value list, you can type it in)
If you wish to pass any additional user attributes over to Deskpro for custom fields or filtering, you will need to configure them here.
The Name column is the name under which the attribute is sent to Deskpro, the Name format should be unspecified, and the Value should be the attribute name in Okta.
You can get a full list of available attributes and map new attributes from the Profile Editor in Okta.
Click Next until you've completed the setup wizard.
There should now be a SAML 2.0 box under Sign on methods. Click More details to expand the box.
In Deskpro
Back in the SAML application configuration settings where you found the SAML Details in the previous step, you will now need to populate this form with the information from Okta.
Populate the following fields in Deskpro with the information provided by Okta:
Single Sign On URL - Sign on URL
Single Log Off URL - Sign out URL
Issuer XML metadata URL - Metadata URL
Download the Signing Certificate and upload it to the X.509 Certificate field
You may also want to add a Login Button Text to create a login button for testing.
Click Save to save the changes, and enable the SAML Authentication by toggling the switch.
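As an added example (not Deskpro's or Okta's code), this Python script reads the IdP metadata XML served at the Metadata URL and reports the issuer, the sign-on and sign-out endpoints, and the SHA-256 fingerprint of each signing certificate, so the values entered in the form above can be cross-checked against the downloaded Signing Certificate. The function names, the sample metadata and the idp.example.test URLs are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDINGS = "urn:oasis:names:tc:SAML:2.0:bindings:"

def endpoints(idp, tag):
    """Map binding short name (e.g. 'HTTP-POST') to the endpoint Location."""
    return {ep.get("Binding", "").replace(BINDINGS, ""): ep.get("Location")
            for ep in idp.findall(f"md:{tag}", NS)}

def sha256_of_b64(text):
    """SHA-256 of a base64 certificate body; PEM armour lines are skipped."""
    body = "".join(l.strip() for l in text.splitlines() if "-----" not in l)
    return hashlib.sha256(base64.b64decode(body)).hexdigest()

def summarize_idp_metadata(xml_text):
    """Pull out the values that are copied by hand into the SP's SAML form."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("refusing metadata that declares a DTD")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element found")
    certs = [sha256_of_b64(c.text or "")
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    return {"issuer": root.get("entityID"),
            "sso": endpoints(idp, "SingleSignOnService"),
            "slo": endpoints(idp, "SingleLogoutService"),
            "signing_sha256": certs}

def cert_matches_metadata(pem_text, summary):
    """True only if the downloaded certificate is one the metadata lists for signing."""
    return sha256_of_b64(pem_text) in summary["signing_sha256"]

# Constructed sample: placeholder bytes stand in for a DER certificate.
_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example.test/entity">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{_B64}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{BINDINGS}HTTP-POST" Location="https://idp.example.test/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

Call `summarize_idp_metadata` on the XML saved from the Metadata URL and `cert_matches_metadata` on the downloaded certificate file's text. An empty `slo` map means the metadata lists no sign-out endpoint.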
In Okta
You now need to assign users to the application to allow them to log in to Deskpro. Click on the Assignments tab in the application, then assign people and groups to the application.
Testing
In an incognito window, go to your helpdesk (or Agent login screen). If you added a value to the Login Button Text field on your SAML configuration, there should now be a button.
Click the button to attempt to log in to your helpdesk. It should direct you to Okta, and once you've signed in to Okta, you should be redirected to Deskpro, logged into your account.
Syncing users
If you wish to sync users from Okta into Deskpro, please follow the Okta SCIM setup guide.