SSO with Okta
Overview
This article explains how to set up single sign-on (SSO) to Kintone with Okta, a cloud service for identity and access management.
What is Okta?
Okta is an integrated authentication platform service that provides cloud ID, single sign-on (SSO), and multi-factor authentication (MFA). Okta offers a customizable, secure, and drop-in solution to add authentication and authorization services to applications. Users can also configure rules, customize the sign-in page, and monitor services from Okta's built-in reports.
Notes for Administrators
- If the Require SAML authentication option is enabled, it is possible to log in to Kintone with a single sign-on authentication method using the Okta service.
- The SAML redirect can be bypassed by placing saml=off in the parameter of the login URL. For more information, refer to the URL to Skip SAML Authentication article on the Kintone Help site.
- Okta username and corresponding Kintone login name must be the same.
- Kintone's SAML authentication acts as SP-initiated SSO.
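Because saml=off skips the Okta redirect, administrators may want to know who still signs in that way. The following is an added example, not part of the original article or of Kintone or Okta tooling: it scans web proxy logs for requests to the Kintone host that carry a top-level saml=off parameter. The log format, the /login path and the host name are assumptions, and the sample lines are constructed.

```python
"""Flag requests that carry saml=off in web proxy logs (added example)."""
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Assumption: your Kintone host (SUBDOMAIN is the article's placeholder).
KINTONE_HOST = "subdomain.kintone.com"

# Constructed sample lines; the format and the /login path are assumptions.
SAMPLE_LOG = """\
2024-05-01T08:00:01Z 10.0.0.5 alice https://SUBDOMAIN.kintone.com/login?saml=off
2024-05-01T08:00:09Z 10.0.0.6 bob https://subdomain.kintone.com/k/#/portal
2024-05-01T08:01:30Z 10.0.0.7 carol https://subdomain.kintone.com/login?lang=en&SAML=Off
2024-05-01T08:02:11Z 10.0.0.5 alice https://subdomain.kintone.com/login?saml=off&lang=ja
2024-05-01T08:03:00Z 10.0.0.8 dave https://subdomain.kintone.com/login?next=%2Fk%2F%3Fsaml%3Doff
2024-05-01T08:04:00Z 10.0.0.9 erin https://other.example.com/login?saml=off
2024-05-01T08:05:00Z 10.0.0.9 erin not-a-url
"""


def skips_saml(url: str, host: str = KINTONE_HOST) -> bool:
    """True if url targets host and has a top-level saml=off parameter."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != host.lower():
        return False
    # parse_qsl splits the query into pairs first, so saml=off nested inside
    # another parameter's value is ignored. Case-insensitive on purpose.
    return any(
        name.lower() == "saml" and value.lower() == "off"
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
    )


def find_bypass_requests(log_text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, client_ip, user) for each flagged log line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines rather than guessing
        ts, ip, user, url = fields
        if skips_saml(url):
            hits.append((ts, ip, user))
    return hits


def hits_per_user(log_text: str) -> Counter:
    """Count flagged requests per user, for review against an allow list."""
    return Counter(user for _, _, user in find_bypass_requests(log_text))
```

On the constructed sample, hits_per_user(SAMPLE_LOG) reports two requests for alice and one for carol; the nested and off-host lines are ignored.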
Configure Okta Settings
Part 1: Create and configure applications
- Click the Admin button to open Okta's administration dashboard.
- Select the Applications section.
- Select the Applications sub-section and click the Browse App Catalog button.
- Search for Kintone in the search box.
- Click on the Add Integration button.
- Enter the required information. Then click the Done button.
  - Application label: Enter a name for the application.
    - Example: Kintone
  - Domain Name: Enter Kintone's URL.
    - Example: https://SUBDOMAIN.kintone.com
- From the Sign On tab, scroll down the page, and click the View SAML Setup Instructions button.
- Copy the following information from the Okta SAML Setup Instructions page. They will be required for configuring Kintone's SAML settings.
  - Login URL
  - Logout URL
  - Certificate: Download the certificate file from the specified URL.
Part 2: Assign users
- Sign in to Okta.
- Open the application created in Part 1.
- Select the Assignments tab.
- Click the Assign drop-down button. Then select the Assign to People option.
- Search for users to enable Kintone integration, then click the Assign button.
- After selecting users, click the Done button.
Configure Kintone Settings
For more information on how to set up the Identity Provider (IdP), refer to the STEP 2: Configuring SAML Authentication for Kintone article on the Kintone Help site.
- Log in to Kintone and navigate to the Users & System Administration setting page.
- Under the System Administration section, select the Login menu.
- Check the Enable SAML authentication check box.
- Enter the following information gathered from the Okta SAML Setup Instructions page during Configure Okta Settings > Part 1 > Step 8:
  - Login URL
  - Logout URL
- Click the Browse button under Register certificate. Upload the Okta certificate file.
- Click the Save button.
Test the SSO
After completing the settings, close all browsers and try accessing Kintone.
The Okta login screen will be displayed. Logging in on this page will also log the user into Kintone.