
Okta SAML

This article will detail how you can use Okta SAML with your FTP Today account.

You will need two browser windows/tabs for these steps.

Create the Identity Service at FTP Today

Log into your FTP Today Site. Navigate to Settings > Authentication > Identity Service. Click on Add Service.

image001.png

Enter a name for the New Service and select “Okta SAML” as the provider and Save.

image002.png

 

Create the Application at Okta

On your FTP Today Site, locate the configuration information.

image003.png

Log into your Okta portal. Be sure you are in Classic UI view. Select Applications and Add Application.

image004.png

Select Create New App

image005.png

Select Web, SAML 2.0 and Create.

image006.png

Enter a name for the application. Download the logo from your FTP Today Site and upload it to Okta. Then select Next.

 

image007.png

Copy the Single sign on URL and Audience URI from your FTP Today Site to Okta and select Next.

image008.png

Provide answers to Okta's feedback questions and select Finish.

Configure the Identity Service at FTP Today

In the Okta portal, select Sign On and View Setup Instructions.

image009.png

Locate the configuration values.

image010.png

Copy the Single sign on URL, Issuer and Certificate from the Okta site into your FTP Today Site and Save.

image011.png

Assign the user to the application at Okta

In Okta, select Assignments, Assign and Assign to People.

image012.png

Locate the user who should have access and select Assign. Confirm the assignment and select Done.

image013.png

Add the user at FTP Today

In your FTP Today site, navigate to the Users area and select Add User.

image014.png

Enter the username as set up in the Okta service and select the Okta SAML service you created.  Complete the rest of the fields as needed and Save.

image015.png

If the user already exists in your FTP Today site, you may change these settings on the Authentication tab for the user.

User access through FTP Today

Navigate to the site, enter the username and click Next.

image016.png

There will be a brief “Authenticating” message. 

image017.png

If the user does not have an open session with Okta, they will have to authenticate.

image018.png

The user will now be logged into your FTP Today Site.

User access at Okta

Access the Okta portal.  On the home screen, the user can click on the FTP Today application.

image019.png

 

Ending the session

When done, the user may log out of the FTP Today site or allow the session to expire.  This will not log the user out of Okta or any other services authenticated through Okta. 

Okta does not support Global Logout for authenticated applications. Logging out of Okta directly will not log the user out of the FTP Today site; the normal session timeout will apply.

The session timeout on the FTP Today Site may log the user out of the site even if they are still logged in at Okta.  In that case, after entering their username they will be immediately authenticated to the site.

Encrypting the SAML response

This is an advanced setting required for FIPS compliance. At your FTP Today Site, navigate to the Identity Service, toggle “Encrypt Assertion” on and Save.

image020.png

You will now see an Encryption Certificate link near the page bottom. Download and save the Certificate.

image021.png

 

At your Okta site, navigate to the FTP Today application. Select General and SAML Settings Edit.

image022.png

Select Next.

image023.png

 

Select Show Advanced Settings.

image024.png

Upload the certificate and select Next.

image025.png

 

Provide answers to Okta's feedback questions and select Finish.

 

Automatic User Provisioning

In your FTP Today Site, navigate to the configuration page for the Identity Service. Enable the “Create User on First Login” option and Save.

image026.png

 

When the user logs into your FTP Today Site using the link from their “My Apps” page, the user will be automatically created.  The user will have access to the site, but no permissions to files.  You will need to give the user permission to the desired folders.

The user’s name and email may be populated with values provided from Okta.

At your Okta site, navigate to the FTP Today application. Select General and SAML Settings Edit.

image027.png

Select Next.

In the attributes section, add the following for Name, Name format and Value.

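| Name                              | Name format   | Value          |
|-----------------------------------|---------------|----------------|
| urn:oid:0.9.2342.19200300.100.1.3 | URI Reference | user.email     |
| urn:oid:2.5.4.42                  | URI Reference | user.firstName |
| urn:oid:2.5.4.4                   | URI Reference | user.lastName  |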

 

image028.png

Provide answers to Okta's feedback questions and select Finish.
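
To confirm the attribute rows took effect, the following added example (not FTP Today or Okta code) checks a decoded SAML assertion from a test login for the three attributes in the table above. The sample assertions are constructed, the names check_attributes, GOOD and BAD are hypothetical, and treating the table as a strict checklist is an assumption of this example; it does not verify the signature and expects an assertion that is not encrypted.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"  # Okta "URI Reference"
EXPECTED = {  # attribute Name -> Okta value, from the table above
    "urn:oid:0.9.2342.19200300.100.1.3": "user.email",
    "urn:oid:2.5.4.42": "user.firstName",
    "urn:oid:2.5.4.4": "user.lastName",
}

def check_attributes(assertion_xml):
    """Return a list of problems in the assertion's AttributeStatement."""
    if "<!DOCTYPE" in assertion_xml or "<!ENTITY" in assertion_xml:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(assertion_xml)
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        seen[attr.get("Name")] = (attr.get("NameFormat"), values)
    problems = []
    for name, source in EXPECTED.items():
        if name not in seen:
            problems.append(f"missing {name} ({source})")
            continue
        name_format, values = seen[name]
        if name_format != URI_FORMAT:
            problems.append(f"{name}: NameFormat is {name_format}, not URI Reference")
        if len(values) != 1 or not values[0].strip():
            problems.append(f"{name}: expected one non-empty value ({source})")
    return problems

def _attr(name, value, fmt=URI_FORMAT):
    return (f'<saml:Attribute Name="{name}" NameFormat="{fmt}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

def _assertion(*attrs):
    body = "<saml:AttributeStatement>" + "".join(attrs) + "</saml:AttributeStatement>"
    return f'<saml:Assertion xmlns:saml="{NS["saml"]}">{body}</saml:Assertion>'

# Constructed samples (not captured from a real Okta tenant).
GOOD = _assertion(_attr("urn:oid:0.9.2342.19200300.100.1.3", "pat@example.com"),
                  _attr("urn:oid:2.5.4.42", "Pat"), _attr("urn:oid:2.5.4.4", "Example"))
# Misconfigured: firstName left on "Unspecified", lastName row never added.
BAD = _assertion(_attr("urn:oid:0.9.2342.19200300.100.1.3", "pat@example.com"),
                 _attr("urn:oid:2.5.4.42", "Pat",
                       "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"))

for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
    print(label, check_attributes(doc) or "all three attributes present")
```

An empty list means all three attributes arrived with the URI Reference name format and a single non-empty value.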