How to configure SSO with Okta

Single sign-on (SSO) is an authentication process that allows for the same pair of credentials (i.e., username - password) to be used across multiple systems. eFront offers many options for SSO implementation. One of those is through the Okta identity management services.

If you are looking to configure user provisioning with Okta through the SCIM please review this guide here.

A. Enable SAML in eFront

1. Sign in to your eFront account as Administrator and go to Home > System settings > Single Sign On.

2. Go to the SAML (1) tab and check Enable SAML support (2).

Note: Check Create user if no match was found (3) if you want a new user to be added automatically every time the system cannot find a match after a log-in attempt. Otherwise, leave it unchecked.

B. Activate the eFront App in Okta

1. Sign in to your Okta account and click Admin (1).

2. On the right-hand panel, in the Shortcuts section, click Add Applications (2).

3. In the search field, type eFront and, on the drop-down results list, click the eFront logo (3) or the respective Add button.

4. On the Add eFront page, type the Domain (4) (i.e., the full URL) of your eFront portal and click Done (5) to confirm your settings.

Note: Make sure the value in the Domain field is correct. If not, users cannot access your eFront portal via SAML.

C. Assign users to the eFront App in Okta

1. Return to the Admin page and click Assign Applications (1) in the Shortcut section.

2. From the Applications panel, choose eFront.

3. From the People panel choose at least one user.

4. Click Next (2) to proceed.

5. Review your assignment details and click Confirm Assignments (3).

6. To double-check that everything is properly set and SAML is enabled, go to the Applications (4) page and click eFront (5).

If SAML 2.0 is enabled, there's a green handshake symbol (6) next to the Active button. In the Assignments tab, there's a list of the people you have assigned to the eFront app.

D. Get your Okta configuration data

1. On the eFront page, go to the Sign On (1) tab.

2. Click View Setup Instructions (2) to open the "How to Configure SAML 2.0 for eFront" page.

3. On the instructions page, go to Step 3 and note down the following values:

Identity Provider (3)
Certificate fingerprint (4)
Remote Sign-in URL (5)

4. Go back to the Sign On tab on the eFront page, and click Edit (6).

5. In the Audience URI (7) field, type your eFront domain without an HTTP:// or HTTPS:// prefix.

6. Click Save to update your settings.

E. Configure SAML with Okta in eFront

1. Return to your eFront account and go to Home > System settings > Single Sign On.

2. Go to the SAML tab and paste the Okta configuration date in the respective fields (1):

Identity Provider
Certificate fingerprint
Remote Sign-in URL

3. In the rest of the fields, type the following values:

TargetedID (2): Username
First Name (3): Firstname
Last Name (4): Lastname
Email (5): Email

4. Click Save.

Note: The Remote Sign-out URL field is not required. If necessary, type the following value: https://[your_okta-domain]/login/signout?fromURI=http://[your_efront_domain]/logout/1.

F. Sign in to your eFront account through Okta

1. Sign out of your eFront account.

2. If your settings are properly configured, there's a Sign in with SAML (1) option on your eFront log-in page. Click it.

3. You're taken to the Okta log-in page. Type your Okta credentials in the respective fields and click Sign in.

You're now logged in to your eFront portal.

Note: For further details on integrating Okta with eFront, this article.

G. Configure custom fields to pass with Okta

To configure custom, extended user profile fields to pass via Okta, follow the steps below:

1. Go to Applications (1), find and click on the created eFront (2) application.

2. Switch to the Sign On (3) tab and then click Edit (4).

3. Click Learn More (5) to open the Attributes section and start adding your custom fields (6). Click Add Another (7) to continue adding fields.