How to setup Yotascale SSO with Okta using the SAML Auth provider

Currently Yotascale provides support for Google Auth, SAML or Okta OpenID authentication, with a limitation of only 1 Authentication Provider at any given point in time. This guide focuses on setting up Okta as your IdP using Yotascale's SAML authentication provider.

Yotascale - Retrieve SAML Auth data:

Login to Yotascale with a user account that has Admin Role access
In top right hand corner select the round circle with the users initials
Select Manager Users
Select Manage Auth Provider tab
Select "+ New Auth"
From Auth Provider drop down select SAML
Enter an Organization name
1. This is required in order to create the URLs.
At bottom of page copy and save the Redirect/ACS URL:
1. Example: https://rest-api.demo-prod.yotascale.io/login/organization/sandbox/auth/saml/authorized
Keep the page open

Okta - Create Application

Login to Okta
Select Applications
Click on the button "Create App Integration"

Select "Next"
Enter App name

Example: "Yotascale"

Add App logo if required
Select Next
SAML Settings
1. Enter the saved data of Redirect/ACS URL from Yotascale
1. Enter the https://domainname.com from saved data of Redirect/ACS URL from Yotascale

For Single Sign on URL:
For Audience URI (SP Entity ID) :

Select "EmailAddress" as Name ID format
Select "Email" as Application username
Add these three attribute statements in the attribute section with Name Format "Unspecified":

"email" set to "user.email"
"first_name" set to "user.firstName" (optional)
"last_name" set to "user.lastName" (optional)

Under Feedback, for "Are you a customer or partner" select "I'm an Okta customer adding an internal app"
Select Finish
Under Sign On tab for the new application

Select "View Setup Instructions"
Copy and save the Identity Provider Single Sign-On URL
Copy and Download the X.509 Certificate

Assign users/groups to the application

Yotascale - Complete SAML Auth Provider configuration

You should still be logged in and on the SAML Auth Provider configuration page

If not, login again to Yotascale with a user account that has Admin role access
Follow the same steps to add a new SAML Auth provider as described above.
1. Make sure to add the same Organization name for SAML

Enter the following information:
1. As an example enter {{organization name}}.com
1. Enter the Identity Provider Single Sign-On URL from Okta Application recorded earlier
1. Paste the X.509 Certificate from Okta Application recorder earlier
1. Enabled - When user authenticates through Okta, the user account will automatically be created in Yotascale User list.
2. Disabled - User accounts first needs to be manually created in Yotascale.
1. Admin/Power User/Tag Admin/User

Organization name already entered
Entity ID
SSO URL
IDP Certificate
Auto Provisioning
Default Provision Role

Select Create New Auth
In order to verify the Auth provider, a user account needs to be created manually in Yotascale that matches the user that has permissions to the Yotascale application in Okta.
1. Admin/Power User/Tag Admin/User

Under Manage Users tab, select User List
Select "+ New User"
Enter the First Name
Enter the Last Name
Enter the email address that matches the email address of the user that has access to the Okta applications.
Select Applicable role based on your requirements
Select "Yotascale" from dropdown for Auth.
Select "Create User"

Under Manage Users tab, select the Manage Auth Provider tab

For the SAML Auth Provider select "Verify auth Provider"
This will open the Okta login page
Login with same user account that has access to the Okta Application and was created manually in Yotascale.
The successful login should verify the Auth Provider.

Under Manage Users tab, select User List

For the manually created user, select the Auth dropdown and change value from Yotascale to the SAML Auth provider name.
Select "Save Changes"

Configuration is now complete and users should be able to login via Okta successfully.
If you run into any issues, please contact our support team.

Related articles