Single Sign-On with Okta

IDrive® e2 users can access their accounts using Single Sign-On (SSO). Administrators can choose a SAML 2.0 identity provider (IdP) to enable login to IDrive® e2 without the need to remember an additional password.

To set up Single Sign-On (SSO) with Okta, the admin needs to:

Create an app on Okta Console

Create an app on the Okta console and use it as an identity provider for SSO.

To create the app,

  1. Log in to the Okta console using your Okta account credentials.
  2. Click 'Admin' to navigate to the admin console.
  3. Navigate to 'Dashboard' > 'Applications' > 'Applications'.
  4. Click 'Browse App Catalog'.
  5. Enter IDrive® e2 in the search bar.
  6. Click 'Add integration'.
  7. You will be directed to the 'General Settings'. Click 'Done'.
  8. Navigate to 'Sign-On' and click 'More details'. Copy the 'Metadata URL' and 'Sign on URL' and paste them into IDrive® e2 SSO settings. Click 'Download' to download the certificate.

Assign users

To enable SSO for user accounts, the admin needs to assign users to the new app on the Okta console.

To assign users,

  1. Launch the new app on the Okta console.
  2. Click 'Assign'.

Configure IDrive® e2 account for Single Sign-On (SSO)

The admin needs to provide the received SAML 2.0 URLs and certificate in the Single Sign-On application on the IDrive® e2 web interface.

To configure SSO,

  1. Sign in to IDrive® e2 via web browser.
  2. Navigate to the 'Dashboard' > 'Settings' > 'Single Sign-On (SSO)'.
  3. Enter a name for your SSO profile.
  4. Enter the Issuer URL and SSO Endpoint.
  5. Upload the X.509 certificate received from your IdP.
    Note: The X.509 certificate should only be in .pem, .txt, .cer, or .cert format.
  6. Click 'Configure Single Sign-On'.

You will receive a confirmation email once SSO is enabled for your account.
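
A pre-upload check for the certificate file from step 5, added here as an example and not part of IDrive® e2 or Okta tooling: it rejects binary DER files and files that also contain a private key, and returns a SHA-256 fingerprint to compare against a fingerprint of the same certificate obtained from your IdP. The function name, the exactly-one-certificate rule and the sample bytes are assumptions of this example.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

# Constructed placeholder bytes shaped like a DER SEQUENCE; not a real certificate.
SAMPLE_DER = b"\x30\x10" + b"constructed-demo"
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def inspect_idp_cert(data: bytes) -> dict:
    """Validate a downloaded IdP certificate file and return its fingerprint."""
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag means raw DER, not PEM text
        raise ValueError("file is binary DER; convert it to PEM before upload")
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("file is not ASCII PEM text") from exc
    blocks = PEM_BLOCK.findall(text)
    if any("PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; do not upload it")
    certs = [body for label, body in blocks if label == "CERTIFICATE"]
    # Assumption of this example: the IdP download holds exactly one certificate.
    if len(certs) != 1:
        raise ValueError(f"expected 1 certificate, found {len(certs)}")
    der = base64.b64decode("".join(certs[0].split()), validate=True)
    if der[:1] != b"\x30":
        raise ValueError("PEM body does not decode to a DER structure")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"der_bytes": len(der), "sha256": fingerprint}


if __name__ == "__main__":
    print(inspect_idp_cert(SAMPLE_PEM))
```

To check a real download, pass the file's bytes, for example `inspect_idp_cert(open(path, "rb").read())`, where `path` is wherever you saved the certificate.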




Single Sign-On provisioning setup - Okta (SCIM)

Administrators of IDrive® e2 can now set up provisioning for their users and groups from the identity provider. IDrive® e2 supports the SCIM (System for Cross-domain Identity Management) provisioning method for this purpose.

To set up Single Sign-On (SSO) provisioning with Okta, the admin needs to:

Generate SCIM provisioning token with IDrive® e2 account

The admin needs to generate and use the SCIM (System for Cross-domain Identity Management) provisioning token to sync all the users linked with their IdP to the IDrive® e2 account.

To generate a token,

  1. Sign in to IDrive® e2 via web browser.
  2. Navigate to the 'Dashboard' > 'Settings' > 'Single Sign-On (SSO)'.
  3. In the SSO section, click the 'Generate Token' button under 'Sync users from your identity provider' to generate a token.
  4. Click the 'Copy Token' button to copy and save the token for future reference.
    The token will be required to sync all the users linked with your IdP to your IDrive® e2 account.
  5. Configure the following SCIM User provisioning URL in your IdP:
    https://api.idrivee2.com/api/sso/user_provisioning

Configure SCIM provisioning

Once the app is created, the admin can configure their account for SCIM provisioning.

To configure SCIM provisioning,

  1. Log in to the Okta console using your Okta account credentials.
  2. In 'Applications', click the newly created app.
  3. Navigate to 'General', click 'Edit' corresponding to the 'App Settings', and select 'SCIM'. Click 'Save'.
  4. Go to 'Provisioning', click 'Edit' against 'SCIM Connection', and make the required changes as below:
  5. Click 'Save'.
  6. Under the 'To App' tab, click 'Edit' against the 'Provisioning to App' option.
  7. Click 'Enable' to enable the following options:
    • Create Users
    • Update User Attributes
    • Deactivate Users
  8. Click 'Save'.

Assign users

To start provisioning, an admin needs to assign users/groups to the application and push groups.

To assign users,

  1. Launch the new app in the Okta console.
  2. Go to 'Assignments', click 'Assign', and select 'Assign to People' or 'Assign to Groups' to provision users or users in the group, respectively.
    This will provision users and users in the group.

Note: If you want to add new users, go to 'Directory' > 'People' and click 'add person'.