This guide will help you integrate the MontyCloud DAY2™ platform with Okta.
When you integrate DAY2™ platform with Okta, you can:
Control which users have access to MontyCloud DAY2™ through Okta
Enable your users to be automatically signed-in to DAY2™ with their Okta user profile
Manage your accounts in one central location, the Okta portal
To get started, you will need the following items:
An active Okta Single Sign-On solution. You can create a free Workforce Identity trial here.
An active MontyCloud DAY2™ account (paid or trial) with Cloud Admin permissions.
If you don't have an active account, you can sign up for a free account here.
Before you begin
Configuring Single Sign-On between what is known in SAML terminology as an Identity Provider (IDP) and a Service Provider (SP) requires sharing information to authorize both systems to securely talk to each other. In this scenario, Okta will be the Identity Provider, and MontyCloud DAY2™ will be the Service Provider.
We recommend opening two browser tabs, one for the Okta portal and another for the DAY2™ portal, to make this task easier.
Configure SSO in DAY2™
Let us start with configuring Okta in DAY2™ by logging in to the MontyCloud DAY2™ portal. You need to have Cloud Admin permissions for your DAY2™ organization.
Now, click the Settings icon on the top menu
Then click Single Sign-On
Then click Configure SSO
Enter a friendly name and description for your SSO configuration, then click Next
In the Service Provider Step, you can copy the metadata properties individually or click "Download metadata file". This SAML Metadata is required while working on MontyCloud DAY2™ App Integration in Okta
Note: DAY2 SAML Metadata is required for app integration in Okta
Let us now switch to the Okta Portal and start DAY2 app integration in Okta
Add MontyCloud DAY2™ app in Okta
To learn more about SaaS app integration with Okta, check out Create SAML app integrations using AIW | Okta
1. Sign in to the Okta portal with an account that has admin privileges
2. In the Admin Console, go to Applications > Applications
3. Click Create App Integration
4. Select SAML 2.0 as the Sign-on method, then click Next
5. Enter MontyCloud DAY2™ in App Name. You can optionally upload our logo
6. We don't support IDP-initiated logins in this release, so unselect "Do not display application icon to users" and click Next
7. In Configure SAML -> A. SAML Settings -> General, uncheck "Use this for Recipient URL and Destination URL"
8. Enter the DAY2™ SAML Metadata from step 5 in Configure Okta SSO in DAY2 using the property mapping below
Single Sign-On URL
|Destination URL||Reply URL|
|Recipient URL||Sign-On URL|
|Audience URI (SP Entity ID)||Entity ID|
9. Select Email for "Application username"
10. In "Advanced settings", accept all the default settings unless your organization has different policies
11. Now, in "Attribute Statements (Optional)", add the following, then click Next
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress- Value -
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name- Value -
12. In "Feedback", select "I'm an Okta customer adding an internal app" and click Finish
13. Now go to the Sign On tab and click View SAML setup instructions. Copy the content under "Optional" and save it as an XML file
Okta XML metadata is required while configuring SSO in DAY2™
User and Group Assignments
Using Assignments -> Assign, make sure to add all the users and groups that need to access the DAY2™ platform.
Configure DAY2™ SSO
Now, we will switch back to the DAY2™ portal.
You should still have your DAY2 browser window/tab open at Step 2 of the Configure SSO wizard.
Click Next to proceed to the next step.
Upload the Identity Provider (Okta) Metadata file by dragging and dropping the metadata file, or click on "click to select files" to open the file browser, locate and select the metadata file.
Click Save & Continue to progress to the next step.
To verify that you are the owner of your domain, MontyCloud requires a DNS "TXT" record to be created within your domain's zone records. We can then independently query this record and complete the ownership verification process.
For each domain that you want to enable SSO, add the domain using the Enter your domain text field and Add Domain button, then proceed to add the DNS TXT entry as displayed on the screen.
Use the Verify action once you have finished adding and propagating the TXT record.
Companion support article: Verifying your domain with DAY2
5. Next, the Cloud Admin can choose to set a default Role and Scope (DAY2™ Projects) for all new incoming federated users of the DAY2™ platform. Otherwise, leave this option as No. Click Save & Continue
6. Review the configuration on the Review page, then click Save to finish the SSO configuration process.
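A propagation check for the domain-verification TXT record, to run before using the Verify action; this is an added example, not MontyCloud tooling. It assumes `dig` is installed, and the resolver list, the record value and the sample output are placeholders: use the exact record name and value the DAY2 wizard displays.

```python
import re
import subprocess

# Assumed public resolvers; substitute the ones that matter to you.
RESOLVERS = ["1.1.1.1", "8.8.8.8", "9.9.9.9"]
# Placeholder: use the exact TXT value the DAY2 wizard displays.
EXPECTED = "PLACEHOLDER-TOKEN-FROM-DAY2"
# Constructed `dig +short TXT` output for two resolvers.
SAMPLE_OUTPUT = {
    "1.1.1.1": '"v=spf1 -all"\n"PLACEHOLDER-TOKEN-" "FROM-DAY2"\n',
    "8.8.8.8": '"v=spf1 -all"\n',  # the new record is not visible here yet
}


def parse_txt(dig_output):
    """Turn `dig +short TXT` output into a list of TXT record values.

    dig prints one record per line as one or more quoted strings; a record
    split into several strings is joined back into a single value here.
    """
    records = []
    for line in dig_output.splitlines():
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', line)
        if parts:
            records.append("".join(parts))
    return records


def query_txt(name, resolver):
    """Ask one resolver for TXT records (needs dig and network access)."""
    result = subprocess.run(["dig", "+short", "TXT", name, "@" + resolver],
                            capture_output=True, text=True, timeout=15)
    return result.stdout


def propagation(expected, outputs):
    """Map resolver -> True when a TXT record equals the expected value.

    Exact match: a substring test would accept a record that only embeds it.
    """
    return {r: expected in parse_txt(out) for r, out in outputs.items()}


if __name__ == "__main__":
    print(propagation(EXPECTED, SAMPLE_OUTPUT))  # offline demo on the sample
    # Live check: propagation(EXPECTED, {r: query_txt("example.com", r) for r in RESOLVERS})
```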
Enable SSO in DAY2™
Once you have completed all the above steps, Single Sign-On is configured in both DAY2™ (SP) and the Identity Provider (Okta).
When you are ready to accept Single Sign-On users, you can enable the newly created SSO configuration by clicking the Enabled toggle button, then clicking Enable in the pop-up window.
Congratulations!!! You are all set with Single Sign-On access to MontyCloud DAY2™ platform.