This guide will help you integrate the MontyCloud DAY2™ platform with Okta.

When you integrate the DAY2™ platform with Okta, you can:

  1. Control which users have access to MontyCloud DAY2™ through Okta

  2. Enable your users to be automatically signed-in to DAY2™ with their Okta user profile

  3. Manage your accounts in one central location - the Okta portal


Prerequisites

To get started, you will need the following items:

  1. An active Okta Single Sign-On solution. You can create a free Workforce Identity trial here.

  2. An active MontyCloud DAY2™ account (paid or trial) with Cloud Admin permissions.
    If you don't have an active account, you can sign up for a free account here.


Before you begin

Configuring Single Sign-On between what SAML terminology calls an Identity Provider (IDP) and a Service Provider (SP) requires sharing information that authorizes both systems to talk to each other securely. In this scenario, Okta will be the Identity Provider, and MontyCloud DAY2™ will be the Service Provider.


We recommend opening two browser tabs, one for the Okta portal and another for the DAY2™ portal, to make this task easier.


Configure SSO in DAY2 

Let us start by configuring Okta in DAY2™: log in to the MontyCloud DAY2™ portal. You need Cloud Admin permissions for your DAY2 organization.

  1. Click the Settings icon on the top menu

  2. Then click Single Sign-On

  3. Then click Configure SSO

  4. Enter a friendly name and description for your SSO configuration, then click Next

  5. In the Service Provider Step, you can copy the metadata properties individually or click "Download metadata file". This SAML Metadata is required while working on MontyCloud DAY2 App Integration in Okta  


Note: DAY2 SAML Metadata is required for app integration in Okta




Let us now switch to the Okta Portal and start DAY2 app integration in Okta

Add MontyCloud DAY2™ app in Okta

To learn more about SaaS app integration with Okta, check out Create SAML app integrations using AIW | Okta.

  1. Sign in to the Okta portal with an account that has admin privileges

  2. In the Admin Console, go to Applications > Applications

  3. Click Create App Integration

  4. Select SAML 2.0 as the Sign-on method, then click Next

  5. Enter MontyCloud DAY2™ in App Name; you can upload our logo (optional)

  6. We don't support IDP-initiated logins in this release, hence unselect "Do not display application icon to users" and click Next

 

  7. In Configure SAML -> A. SAML Settings -> General, uncheck "Use this for Recipient URL and Destination URL"

  8. Enter the DAY2™ SAML Metadata from step 5 in Configure Okta SSO in DAY2 using the property mapping below


    Okta                          | DAY2
    Single Sign-On URL            | Reply URL
    Destination URL               | Reply URL
    Recipient URL                 | Sign-On URL
    Audience URI (SP Entity ID)   | Entity ID

  9. Select Email for "Application username"

  10. In "Advanced settings", accept all the default settings unless your organization has different policies

  11. Now, in "Attribute Statements (Optional)", add the following, then click Next

  1. Name - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress - Value - user.email

  2. Name - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name - Value - user.displayName


  12. In "Feedback", select "I'm an Okta customer adding an internal app" and click Finish

  13. Now go to the Sign On tab and click View SAML setup instructions. Copy the content under "Optional" and save it as an XML file

Okta XML metadata is required while configuring SSO in DAY2



User and Group Assignments

Using Assignments -> Assign, make sure to add all the users and groups that need access to the DAY2 platform.



Configure DAY2™ SSO

Now, we will switch back to the DAY2™ portal.

  1. You should still have your DAY2 browser window/tab open at Step 2 of the Configure SSO wizard.

  2. Click Next to proceed to the next step.

  3. Upload the Identity Provider (Okta) Metadata file by dragging and dropping the metadata file, or click on "click to select files" to open the file browser, locate and select the metadata file.

    Click Save & Continue to progress to the next step.

  4. To verify that you are the owner of your domain, MontyCloud requires a DNS "TXT" record to be created within your domain's zone records.  We can then independently query this record and complete the ownership verification process.


    For each domain that you want to enable SSO, add the domain using the Enter your domain text field and Add Domain button, then proceed to add the DNS TXT entry as displayed on the screen.


    Use the Verify action once you have finished adding and propagating the TXT record.


    Companion support article
    Verifying your domain with DAY2

  5. Next, if the Cloud Admin would like to set a default Role and Scope (DAY2™ Projects) for all new incoming federated users of the DAY2™ platform, they can choose to do so; otherwise, leave this option as No. Click Save & Continue.


6. Review the configuration on the Review page, then click Save to finish the SSO configuration process.


Enable SSO in DAY2™

Once you have completed all the above steps, Single Sign-On Configuration has been completed in both DAY2™ (SP) and the Identity Provider (Okta). 


When you are ready to accept Single Sign-On users, you can enable the newly created SSO configuration by clicking the Enabled toggle button, then clicking Enable in the pop-up window.
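
Once SSO is enabled, a decoded SAML response from a test sign-in can be checked against the Okta settings entered earlier (the property mapping, the email application username and the two attribute statements). The following is an added example, not MontyCloud or Okta code; the DAY2 URLs, entity ID and the sample response are constructed placeholders, and the field names in the DAY2 dictionary are hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed placeholders for the values copied from the DAY2 Service Provider step.
DAY2 = {"reply_url": "https://sp.example.com/saml/reply",
        "sign_on_url": "https://sp.example.com/saml/sign-on",
        "entity_id": "urn:example:day2:sp"}

def sample_response(okta, display_name="Test User"):
    """Constructed, unsigned and trimmed SAML response built from the Okta-side settings."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 Destination="{okta['reply_url']}"><saml:Assertion><saml:Subject>
  <saml:NameID>user@example.com</saml:NameID><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="{okta['sign_on_url']}"/></saml:SubjectConfirmation>
 </saml:Subject><saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{okta['entity_id']}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="{CLAIMS}emailaddress">
   <saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="{CLAIMS}name">
   <saml:AttributeValue>{display_name}</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""

def check_response(xml_text, sp):
    """List mismatches between a decoded SAML response and the page's mapping.
    Configuration check only: it does not verify the signature or validity window."""
    root, problems = ET.fromstring(xml_text), []
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    for label, got, want in (
            ("Destination", root.get("Destination"), sp["reply_url"]),
            ("Recipient", None if scd is None else scd.get("Recipient"), sp["sign_on_url"]),
            ("Audience", root.findtext(".//saml:Audience", None, NS), sp["entity_id"])):
        if got != want:
            problems.append(f"{label} is {got!r}, expected {want!r}")
    if "@" not in (root.findtext(".//saml:NameID", "", NS) or ""):
        problems.append("NameID is not an email address")
    attrs = {a.get("Name"): (a.findtext("saml:AttributeValue", "", NS) or "").strip()
             for a in root.findall(".//saml:Attribute", NS)}
    for claim in ("emailaddress", "name"):
        if not attrs.get(CLAIMS + claim):
            problems.append("missing or empty attribute " + CLAIMS + claim)
    return problems

if __name__ == "__main__":
    print(check_response(sample_response(DAY2), DAY2))
```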



Congratulations!!!  You are all set with Single Sign-On access to MontyCloud DAY2™ platform.