SSO with Okta

Overview

This article explains how to set up single sign-on (SSO) to Kintone with Okta, a cloud service for identity and access management.

What is Okta?

Okta is an integrated authentication platform service that provides cloud ID, single sign-on (SSO), and multi-factor authentication (MFA). Okta offers a customizable, secure, and drop-in solution to add authentication and authorization services to applications. Users can also configure rules, customize the sign-in page, and monitor services from Okta's built-in reports.

Notes for Administrators

  • If the Require SAML authentication option is enabled, users can log in to Kintone through single sign-on using the Okta service.
  • The SAML redirect can be bypassed by adding saml=off as a parameter to the login URL. For more information, refer to the URL to Skip SAML Authentication article on the Kintone Help site.
  • The Okta username and the corresponding Kintone login name must be the same.
  • Kintone's SAML authentication acts as SP-initiated SSO.

Configure Okta Settings

Part 1: Create and configure applications

  1. Click the Admin button to open Okta's administration dashboard.
  2. Select the Applications section.
  3. Select the Applications sub-section and click the Browse App Catalog button.
  4. Search for Kintone in the search box.
  5. Click the Add Integration button.
  6. Enter the required information. Then click the Done button.
    • Application label: Enter a name for the application.
      • Example: Kintone
    • Domain Name: Enter Kintone's URL.
      • Example: https://SUBDOMAIN.kintone.com
  7. From the Sign On tab, scroll down the page, and click the View SAML Setup Instructions button.
  8. Copy the following information from the Okta SAML Setup Instructions page. It will be required for configuring Kintone's SAML settings.
    • Login URL
    • Logout URL
    • Certificate: Download the certificate file from the specified URL.

Part 2: Assign users

  1. Sign in to Okta.
  2. Open the application created in Part 1.
  3. Select the Assignments tab.
  4. Click the Assign drop-down button. Then select the Assign to People option.
  5. Search for the users to enable for Kintone integration, then click the Assign button.
  6. After selecting users, click the Done button.
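
A pre-rollout check for the requirement that the Okta username and the Kintone login name be the same, run after assigning users. This is an added example, not part of the original article or of Okta's or Kintone's tooling; the CSV column names and sample accounts are constructed, and treating case or whitespace differences as near misses to review is an assumption about how strictly names are compared.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not vendor formats.
OKTA_ASSIGNED = """username
alice@example.com
Bob@example.com
carol@example.com
"""
KINTONE_USERS = """login_name
alice@example.com
bob@example.com
dave@example.com
"""


def read_column(text, column):
    """Return the non-empty values of one CSV column, in file order."""
    return [row[column] for row in csv.DictReader(io.StringIO(text)) if row[column]]


def compare_accounts(okta_usernames, kintone_logins):
    """Classify accounts by whether the Okta username equals a Kintone login name."""
    # Normalised form -> first Kintone login name with that form, to spot near misses.
    folded = {}
    for name in kintone_logins:
        folded.setdefault(name.strip().casefold(), name)
    exact = set(kintone_logins)
    report = {"match": [], "near_miss": [], "no_kintone_user": [], "not_assigned": []}
    for user in okta_usernames:
        key = user.strip().casefold()
        if user in exact:
            report["match"].append(user)          # identical strings
        elif key in folded:
            report["near_miss"].append((user, folded[key]))  # differs by case/space
        else:
            report["no_kintone_user"].append(user)  # assigned in Okta, absent in Kintone
    okta_keys = {u.strip().casefold() for u in okta_usernames}
    report["not_assigned"] = [k for k in kintone_logins if k.strip().casefold() not in okta_keys]
    return report


if __name__ == "__main__":
    result = compare_accounts(read_column(OKTA_ASSIGNED, "username"),
                              read_column(KINTONE_USERS, "login_name"))
    for category, entries in result.items():
        print(f"{category}: {entries}")
```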

Configure Kintone Settings

For more information on how to set up the Identity Provider (IdP), refer to the STEP 2: Configuring SAML Authentication for Kintone article on the Kintone Help site.

  1. Log in to Kintone and navigate to the Users & System Administration setting page.
  2. Under the System Administration section, select the Login menu.
  3. Check the Enable SAML authentication check box.
  4. Enter the following information gathered from the Okta SAML Setup Instructions page in Configure Okta Settings > Part 1 > Step 8:
    • Login URL
    • Logout URL
  5. Click the Browse button under Register certificate. Upload the Okta certificate file.
  6. Click the Save button.

Test the SSO

After completing the settings, close all browsers and try accessing Kintone.

The Okta login screen will be displayed. Logging in on this page also logs the user in to Kintone.