This guide walks the user through configuring SSO Enrollment Authentication with Okta. Learn more about Automated Device Enrollment Settings and how to Configure SSO Enrollment in Addigy.
Note: To configure Addigy (platform) SSO, refer to Enabling The Addigy Log-In Experience With Okta SSO (SAML)
- Log into the Admin portal in Okta and go to Applications > Applications > Create App Integration.
- Choose the SAML 2.0 app option.
- Name your app, set up a logo if you wish, and click Next.
- From the Addigy console, go into the desired Automated Device Enrollment Policy settings and go to End-User Setup Assistant Experience > Authentication Type > SSO Authentication. The following information will be displayed:
- Paste the Entity ID information into the Audience URI (SP Entity ID) field in Okta, and paste the ACS URL into the Single sign-on URL field in Okta under SAML Settings:
- Scroll down to the bottom of the page and click Next. Scroll down and click Finish. This will redirect you to the application overview.
- In your application, navigate to Sign On and scroll down to Attribute Statements. Open the drop-down menu of legacy configuration and click Edit for the profile attribute statements.
- Set the following:
  - email > user.email
  - firstName > user.firstName
  - lastName > user.lastName
- Click Save.
- Under Sign On > Settings > SAML 2.0, copy the Issuer and the Sign On URL and paste them into the corresponding fields in the Addigy ADE setting:
- Scroll down to SAML Signing Certificates in Okta, click the Actions dropdown next to the SHA-2 certificate, and click Download Certificate:
- Once the certificate is downloaded, right-click it in Finder and rename the file so it ends in .pem instead of .cert. Approve the extension change by clicking Use .pem in the following prompt:
- In Addigy, go to the ADE policy and upload the certificate with the .pem extension you just created:
- Save the Addigy profile.
- In Okta, assign any users or groups of users you want to be able to enroll into Addigy using SSO Enrollment Customization. If a user is not assigned to the application in Okta, they will not be able to complete enrollment into Addigy.