This guide walks the user through configuring SSO Authentication with Okta. Learn more about Automated Device Enrollment Settings here: Automated Device Enrollment Settings
- Log into the Admin portal in Okta and go to Applications > Applications > Create App Integration.
- Choose the SAML 2.0 app option.
- Name your app, set up a logo if you wish, and click Next.
- From the Addigy console, go into the desired Automated Device Enrollment Policy settings and go to End-User Setup Assistant Experience > Authentication Type > SSO Authentication. The following information will be displayed:
- Paste the Entity ID information into the Audience URI (SP Entity ID) in Okta, and paste the ACS URL into the Single sign-on URL field in Okta under SAML Settings:
- Under Attribute Statements, set the following:
  - email > user.email
  - firstName > user.firstName
  - lastName > user.lastName
- Click Next at the bottom of the page and then Finish. This will redirect you to the application overview.
- Under Sign On > Settings > SAML 2.0, copy the Issuer URL and the Single Sign On URL and paste them into the corresponding fields in the Addigy ADE setting:
- Scroll down to SAML Signing Certificates in Okta, click the Actions dropdown next to the SHA-2 certificate, and click Download Certificate:
- Once the certificate is downloaded, right-click it in Finder and rename the file so it ends in .pem instead of .cert. Approve the extension change by clicking Use .pem in the following prompt:
- In Addigy, go to the ADE policy and upload the certificate with the .pem extension created in the previous step:
- Save the Addigy profile.
- In Okta, assign any users or groups of users you want to be able to enroll into Addigy using SSO Enrollment Customization. If a user is not assigned to the application in Okta, they will not be able to complete enrollment into Addigy.
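
A pre-upload check for the certificate renamed to .pem in the steps above, added here as an example and not part of the original guide or of Addigy's or Okta's tooling. It assumes the `openssl` command-line tool is installed; `check_okta_pem` is a hypothetical helper name.

```bash
#!/usr/bin/env bash
# Added example: check the Okta signing certificate after renaming it to .pem
# and before uploading it to the Addigy ADE policy. Assumes the openssl CLI.
# check_okta_pem is a hypothetical helper name, not an Addigy or Okta tool.
check_okta_pem() {
  cert="$1"

  # Renaming .cert to .pem changes only the file name, so confirm the content
  # is PEM text holding exactly one certificate.
  count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null || true)
  if [ "${count:-0}" -ne 1 ]; then
    echo "FAIL: expected one PEM certificate, found ${count:-0}" >&2
    return 1
  fi

  # The file must parse as an X.509 certificate.
  if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
    echo "FAIL: not a parseable X.509 certificate" >&2
    return 1
  fi

  # The guide downloads the SHA-2 certificate; flag any other signature hash.
  sigalg=$(openssl x509 -in "$cert" -noout -text |
    awk -F': ' '/Signature Algorithm/ {print tolower($2); exit}')
  case "$sigalg" in
    *sha256* | *sha384* | *sha512*) ;;
    *) echo "FAIL: signature algorithm '$sigalg' is not SHA-2" >&2; return 1 ;;
  esac

  # Reject a certificate that is already past its notAfter date.
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
    echo "FAIL: certificate has expired" >&2
    return 1
  fi

  # Print subject, expiry and SHA-256 fingerprint to record with the policy.
  openssl x509 -in "$cert" -noout -subject -enddate -fingerprint -sha256
}

# Run the check when a path is given on the command line.
if [ "$#" -gt 0 ]; then
  check_okta_pem "$1"
fi
```

Save the block as a script and pass it the path of the renamed file; a non-zero exit status means the file should not be uploaded.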