Single Sign On (SSO) for Okta

Some basic help in getting Okta configured to work with Projector's Single Sign On implementation.

Classic UI

Make sure you switch from Okta's Developer Console to Classic UI in order to follow these instructions. The dropdown is in the upper left of the navigation bar.


Use Pre-Built Okta Connector

Projector has pre-built application in Okta. You can quickly and easily configure Okta using this. If you want to manually configure Okta, see the next section, Manually Configure Okta.

  1. Log into Okta and go to the Administration area
  2. Click Applications

  3. Click Add Application
  4. Search for "Projector" and click Add
  5. Click Next
  6. Choose the SAML 2.0 radio button
  7. Click View Setup Instructions. This opens a new web page. 

  8. Open Management Portal. Go to Integration tab | SSO Settings subsection | SAML 2.0 blue dot. Copy the account code from the end of the URL.

  9. Paste it into the Account Code field in Okta

  10. From step 3 on the setup instructions, copy the SAML2 Endpoint URL and download the okta.cert file
  11. In Management Portal click Edit SSO Settings. Paste the URL into SAML2 Endpoint URL. Click Set Certificate and upload your okta.cert file. Click Save.

  12. Set your Application username format. By default Projector expects Okta to send us an email address. The email should be the same as the user's Projector email address. If you don't want to use email addresses, you can edit users in Projector and specify the value we will receive from Okta.


Edit Pre-built Connector

If you find that you need to edit or review your pre-built connector settings, edit your application and go to the Sign On section. 


Manually Configure Okta

Basic steps:

  1. Log into Okta as administrator. 
  2. Switch to Classic UI from Developer Console.
  3. Click Applications menu
  4. Click Add Application
  5. Click Create New App
  6. Configure the application to assert your email address to Projector
    1. If your Okta username is not your email address, you'll need to create a mapping that sends your email instead of your username to Projector. This can be done from Directory | Profile Editor. See screenshot below. 

  7. Enter ACS URL and Upload x.509 Cert to Projector

    1. Go to Applications | SignOn | View Setup Instructions. A new web page will pop up. Get your ACS URL and x.509 certificate. 
    2. In Management Portal, go to Integration tab | Single Sign On subsection | SAML 2.0 blue dot
    3. Click Edit SSO Settings
    4. Enter your ACS URL in the SAML2 Endpoint URL field
    5. Click Set Certificate and upload your x.509 certificate


 



Test Your SSO

See: Single Sign On (SSO) Implementation Guide