SSO with Okta

Overview

This article explains how to set up single sign-on (SSO) to Kintone with Okta, a cloud service for identity and access management.

What is Okta?

Okta is an integrated authentication platform service that provides cloud ID, single sign-on (SSO), and multi-factor authentication (MFA). Okta offers a customizable, secure, and drop-in solution to add authentication and authorization services to applications. Users can also configure rules, customize the sign-in page, and monitor services from Okta's built-in reports.

Notes for Administrators

  • If the Require SAML authentication option is enabled, it is possible to log in to Kintone with a single sign-on authentication method using the Okta service.
  • The SAML redirect can be bypassed by adding saml=off as a parameter of the login URL. For more information, refer to the URL to Skip SAML Authentication article on the Kintone Help site.
  • The Okta username and the corresponding Kintone login name must be the same.
  • Kintone's SAML authentication acts as SP-initiated SSO.
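
The note above that each Okta username must equal the Kintone login name can be checked before SAML authentication is enabled. The following Python script is an added example, not part of the original article or of Okta's or Kintone's tooling; the CSV column names and the sample users are constructed, and it assumes "the same" means an exact string match.

```python
import csv
import io

# Constructed sample exports (assumed format: a header row and one name per line).
OKTA_ASSIGNED_CSV = """okta_username
alice@example.com
Bob@example.com
carol@example.com
dave@example.com
"""
KINTONE_USERS_CSV = """login_name
alice@example.com
bob@example.com
dave@example.com
erin@example.com
"""

def read_column(text, column):
    """Return the values of one CSV column exactly as written (no trimming)."""
    return [row[column] for row in csv.DictReader(io.StringIO(text))]

def check_username_match(okta_names, kintone_names):
    """Classify each assigned Okta username against the Kintone login names.

    ok        - an identical Kintone login name exists
    near_miss - (okta, kintone) pairs differing only by case or outer whitespace
    missing   - no Kintone counterpart at all
    """
    exact = set(kintone_names)
    normalized = {}
    for name in kintone_names:
        normalized.setdefault(name.strip().casefold(), name)
    report = {"ok": [], "near_miss": [], "missing": []}
    for name in okta_names:
        key = name.strip().casefold()
        if name in exact:
            report["ok"].append(name)
        elif key in normalized:
            report["near_miss"].append((name, normalized[key]))
        else:
            report["missing"].append(name)
    return report

def run_sample():
    """Run the check on the constructed sample data above."""
    return check_username_match(
        read_column(OKTA_ASSIGNED_CSV, "okta_username"),
        read_column(KINTONE_USERS_CSV, "login_name"),
    )

if __name__ == "__main__":
    for status, names in run_sample().items():
        print(status, names)
```

Entries under near_miss and missing are the accounts to correct on one side or the other before relying on SSO for them.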

Configure Okta Settings

Part 1: Create and configure applications

  1. Click the Admin button to open Okta's administration dashboard.
    • Screenshot: How to open Okta's Administrator Dashboard

  2. Select the Applications section.
    • Screenshot: The screen of Administrator Dashboard

  3. Select the Applications sub-section and click the Browse App Catalog button.
    • Screenshot: The screen of Applications

  4. Search for Kintone in the search box.
    • Screenshot: The screen of Browse App Catalog

  5. Click on the Add Integration button.
    • Screenshot: The Add Integration button

  6. Enter the required information. Then click the Done button.
    • Application label: Enter a name for the application.
      • Example: Kintone
    • Domain Name: Enter Kintone's URL.
      • Example: https://SUBDOMAIN.kintone.com
    • Screenshot: The screen of add Kintone

  7. From the Sign On tab, scroll down the page, and click the View SAML Setup Instructions button.
    • Screenshot: The screen of Sign On tab

    • Screenshot: The screen of View SAML Setup Instructions

  8. Copy the following information from the Okta SAML Setup Instructions page. These values will be required for configuring Kintone's SAML settings.
    • Login URL
    • Logout URL
    • Certificate: Download the certificate file from the specified URL.
    • Screenshot: SAML integration

Part 2: Assign users

  1. Sign in to Okta.
  2. Open the application created in Part 1.
  3. Select the Assignments tab.
    • Screenshot: The screen of assignments tab

  4. Click the Assign drop-down button. Then select the Assign to People option.
    • Screenshot: The screen of Assign drop-down

  5. Search for users to enable Kintone integration, then click the Assign button.
    • Screenshot: The screen of Assign Kintone to People

  6. After selecting users, click the Done button.
    • Screenshot: The screen of Assign Kintone to People - done

Configure Kintone Settings

For more information on how to set up the Identity Provider (IdP), refer to the STEP 2: Configuring SAML Authentication for Kintone article on the Kintone Help site.

  1. Log in to Kintone and navigate to the Users & System Administration setting page.
  2. Under the System Administration section, select the Login menu.
    • Screenshot: The screen of the Login menu

  3. Check the Enable SAML authentication check box.
  4. Enter the following information gathered from the Okta SAML Setup Instructions page in Configure Okta Settings > Part 1 > Step 8:
    • Login URL
    • Logout URL
    • Screenshot: The screen of SAML Authentication's login and logout URL

  5. Click the Browse button under Register certificate. Upload the Okta certificate file.
    • Screenshot: The screen of SAML Authentication's certificate browse button

  6. Click the Save button.

Test the SSO

After completing the settings, close all browsers and try accessing Kintone.

The Okta login screen will be displayed. Logging in on this page will also log the user in to Kintone.