How to configure OKTA SAML for UniversitySite SSO - Current GUI
If you are considering switching to this SSO solution instead of the out-of-the-box UniversitySite SSO, please contact Lawren Finley to find out if it's included with your subscription.
If you are looking for the classic interface instructions, you can find them here: How to Setup UniversitySite with OKTA SSO - SAML 2.0 Classic interface - UniversitySite
You can test your configuration without interrupting the existing login experience for your production users by following these instructions:
https://docs.universitysite.com/article/579-how-to-test-saml-configuration-without-interrupting-production
- First, you must go to the “Login Settings” page in UniversitySite. (Make sure you are in InstructorSite. If not, click on the left-most dropdown list at the top of the page and click on “InstructorSite”). Your page in UniversitySite should look like this now.
- Now, open the drop-down menu under your name at the top right of the page and click on “Global Settings”.
- Now you will see the “Global Settings” page. Scroll to the bottom of this page and click on “Login Settings”.
- You will now see a page in UniversitySite that looks like this. Please click on the “Use SAML” button.
- Now login to Okta as an administrator and go to your dashboard. Click on SSO Apps.
- Now click on Add Applications.
- Now, on the “Add Application” page, type in "UniversitySite" as shown (#1), hit return on your keyboard, and then click on the UniversitySite item in the list (#2).
- Now you can click on the “Add” button to set up UniversitySite in OKTA.
- You will see this now. First, type in your subdomain name (you will get this name from the UniversitySite login settings page). In this example, “okta” is the subdomain name. Next, click the Done button.
- Now, you will see this page where you can authorize people to use UniversitySite. You can do this now or after you have completed the rest of this document.
- You have completed the initial setup part of adding UniversitySite as an application. Click the Done button.
- Now you should see a page like this. You will need to click on the “Sign On” tab and then click on the “View Setup Instructions” button.
- Now you will see a page like this, which gives you the additional steps required to set up your UniversitySite application in Okta and the steps required to set up Okta in UniversitySite. (If you want to preview these steps prior to setting up UniversitySite in Okta, here is a link to a non-specific setup page: http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-UniversitySite.html) Please follow all the instructions shown on this page.
Dealing with Name Changes
You can make UniversitySite authenticate against the employeeID or some other field instead of Active Directory userName or e-mail address. First, change OKTA to send e-mail address instead of userName. Update UniversitySite's user sync to push employeeID into UniversitySite’s networkAlias field. After that sync has been performed, change OKTA to send employeeID.
This works because UniversitySite maps the identifying information sent from OKTA to a user profile by matching it against the profile's e-mail address or networkAlias.
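A pre-flight check for the switch described above, as an added example (not UniversitySite or Okta code). It assumes the matching rule is exactly "sent value equals e-mail address or networkAlias", compared case-insensitively, and uses constructed directory and profile records with hypothetical field layouts to show which users would fail to log in if OKTA were switched to employeeID too early or after an incomplete sync.

```python
# Added example: model the e-mail / networkAlias matching rule and report
# users who would not resolve to their own profile for a given OKTA attribute.
# All records below are constructed sample data, not real exports.
DIRECTORY = [
    {"userName": "jsmith", "email": "jane.smith@example.com", "employeeID": "E1001"},
    {"userName": "bjones", "email": "bob.jones@example.com", "employeeID": "E1002"},
    {"userName": "akhan", "email": "a.khan@example.com", "employeeID": "E1003"},
]
# UniversitySite profiles before the sync: networkAlias still holds userName.
BEFORE_SYNC = [{"email": u["email"], "networkAlias": u["userName"]} for u in DIRECTORY]
# Profiles after the sync, with one constructed miss: akhan was not updated.
AFTER_SYNC = [
    {"email": u["email"],
     "networkAlias": u["userName"] if u["userName"] == "akhan" else u["employeeID"]}
    for u in DIRECTORY
]

def resolve(sent_value, profiles):
    """Profiles matched by a value sent from OKTA (case-insensitive: assumption)."""
    key = sent_value.strip().casefold()
    return [p for p in profiles
            if key and key in (p["email"].casefold(), p["networkAlias"].casefold())]

def preflight(directory, profiles, attribute):
    """Return {userName: reason} for every user who would fail to reach their
    own profile if OKTA sent `attribute` (userName, email or employeeID)."""
    problems = {}
    for user in directory:
        matches = resolve(user[attribute], profiles)
        if not matches:
            problems[user["userName"]] = "no matching profile"
        elif len(matches) > 1:
            problems[user["userName"]] = "ambiguous: %d profiles" % len(matches)
        elif matches[0]["email"].casefold() != user["email"].casefold():
            problems[user["userName"]] = "matches another user's profile"
    return problems

if __name__ == "__main__":
    checks = [("send e-mail, before sync", "email", BEFORE_SYNC),
              ("send employeeID, before sync", "employeeID", BEFORE_SYNC),
              ("send employeeID, after sync", "employeeID", AFTER_SYNC)]
    for label, attribute, profiles in checks:
        print(label, "->", preflight(DIRECTORY, profiles, attribute) or "all users resolve")
```

An empty result for the attribute OKTA is about to send means every directory user resolves to exactly one profile, their own.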