Single sign-on with Okta via SAML

Configure Okta as a sign-in option for Medallia Ideas

Configure Okta for Medallia Ideas

This task requires an Okta administrator account.
Perform this task before configuring Medallia Ideas for Okta.
  1. Sign in to Okta with an administrator account and go to Admin > Developer Console > Classic UI.
  2. Add a new application.
    Click Add Applications (under Shortcuts on the right side of the screen), then click Create New App and choose these options:
    • Platform: Web

    • Sign on method: SAML 2.0

    Okta > Create a New Application Integration dialog with Platform named 'Web' and SAML 2.0 selected
  3. Click Create.
  4. Name the application.

    Enter a name for your new App (e.g., Crowdicity) and optionally upload an image.

    Okta options: App name is 'Crowdicity'
  5. Click Next.
  6. Configure the properties.
    Complete the following fields; click Show Advanced Settings to display all the fields.
    • Single Sign On URL: (based on your community URL)
      https://[yourcommunity.crowdicity.com]/saml/module.php/saml/sp/saml2-acs.php/crowdsaml2
    • Use this for Recipient URL and Destination URL: Select this.

    • Audience URI (SP Entity ID): (based on your community URL)
      https://[yourcommunity.crowdicity.com]/saml/module.php/saml/sp/metadata.php/crowdsaml2
    • Name ID format: Transient

    • Application username: Email

    • Responses: Set this to Unsigned.

    • Assertion Signature: Signed

    • Signature Algorithm: RSA-SHA256

    • Digest Algorithm: SHA-256

    • Assertion Encryption: Unencrypted

    General options

  7. Set the Assertions.
    In the Attribute Statements (Optional) section, configure the Okta claims. Medallia Ideas requires a minimum set of assertions for the SAML configuration to operate correctly. The screenshot below, with the highlighted fields, is based on the Simple schema for user identities. At a minimum, set these values:
    • Mail = user.email
    • FirstName = user.firstname
    • LastName = user.lastname

    You are also able to pass additional assertions into dynamic groups (e.g., Department and City). See Dynamic groups for more information.

    Okta attributes statements
  8. Click Next.
  9. Complete the questions on the final page.
  10. Click Finish.
  11. Download the Identity Provider metadata.

    Click the Identity Provider metadata link to download an XML file, which you will later upload into the Medallia Ideas community.

  12. Assign users.
    Click Assignments and add the relevant people to include in the community.
You can now configure Medallia Ideas to use Okta.
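
To confirm that Okta actually sends what steps 6 and 7 configure, you can check the base64-decoded SAML response from a test sign-in against those settings. The following is an added example, not code from Medallia or Okta: `check_response` and `constructed_sample` are hypothetical names, the sample response is constructed and trimmed, and the check reads the declared settings only (it does not verify the signature cryptographically).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol", "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
URL = "https://{host}/saml/module.php/saml/sp/{page}/crowdsaml2"  # URL pattern from step 6
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def check_response(xml_text, host):
    """List mismatches between a decoded SAML response and the step 6 and 7 settings."""
    acs, entity = (URL.format(host=host, page=p) for p in ("saml2-acs.php", "metadata.php"))
    resp = ET.fromstring(xml_text)
    a = resp.find("a:Assertion", NS)
    if a is None:
        return ["no plaintext Assertion found (expected Assertion Encryption: Unencrypted)"]
    def attr(path, name):  # attribute of the first matching element, or None
        el = a.find(path, NS)
        return el.get(name) if el is not None else None
    problems = []
    signed = "ds:Signature/ds:SignedInfo/"  # the signature must sit inside the Assertion
    if attr(signed + "ds:SignatureMethod", "Algorithm") != RSA_SHA256:
        problems.append("assertion is not signed with RSA-SHA256")
    if attr(signed + "ds:Reference/ds:DigestMethod", "Algorithm") != SHA256:
        problems.append("digest algorithm is not SHA-256")
    if resp.get("Destination") != acs or attr(".//a:SubjectConfirmationData", "Recipient") != acs:
        problems.append("Destination/Recipient differ from the Single Sign On URL")
    if a.findtext(".//a:Audience", None, NS) != entity:
        problems.append("Audience differs from the Audience URI (SP Entity ID)")
    if attr("a:Subject/a:NameID", "Format") != TRANSIENT:
        problems.append("Name ID format is not Transient")
    sent = {e.get("Name"): e.findtext("a:AttributeValue", "", NS).strip()
            for e in a.iterfind(".//a:Attribute", NS)}
    return problems + [f"attribute {n} missing or empty"
                       for n in ("Mail", "FirstName", "LastName") if not sent.get(n)]

def constructed_sample(host, attrs):  # constructed test input; signature holds no real values
    acs, entity = (URL.format(host=host, page=p) for p in ("saml2-acs.php", "metadata.php"))
    xmlns = " ".join(f'xmlns:{k}="{v}"' for k, v in NS.items())
    stmts = "".join(f'<a:Attribute Name="{k}"><a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
                    for k, v in attrs.items())
    return (f'<p:Response {xmlns} Destination="{acs}"><a:Assertion><ds:Signature><ds:SignedInfo>'
            f'<ds:SignatureMethod Algorithm="{RSA_SHA256}"/><ds:Reference><ds:DigestMethod '
            f'Algorithm="{SHA256}"/></ds:Reference></ds:SignedInfo></ds:Signature><a:Subject>'
            f'<a:NameID Format="{TRANSIENT}">_constructed</a:NameID><a:SubjectConfirmation>'
            f'<a:SubjectConfirmationData Recipient="{acs}"/></a:SubjectConfirmation></a:Subject>'
            f'<a:Conditions><a:AudienceRestriction><a:Audience>{entity}</a:Audience>'
            f'</a:AudienceRestriction></a:Conditions><a:AttributeStatement>{stmts}'
            f'</a:AttributeStatement></a:Assertion></p:Response>')
```

An empty list means the response matches the configured values; each returned string names the setting to revisit in Okta.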

Configure Medallia Ideas for Okta

Complete Configure Okta for Medallia Ideas before starting this task. This task requires the Identity Provider metadata file downloaded in that task.
  1. Go to Medallia Ideas Admin menu > Community Settings > Authentication.
  2. Click Submit your metadata > Submit new metadata.
    In the text field, paste the XML metadata from the Identity Provider metadata file you downloaded in Configure Okta for Medallia Ideas.
    Submit new metadata for desktop
  3. Click Submit.
    The screen refreshes and your endpoints appear, as in this example.
    List of metadata values
  4. Click Enable for the SAMLv2 option.
  5. Optional: To make the Okta sign-in appear first on the sign-in page, change the Order option to First.
    Note: The Medallia Ideas account login method can't be removed; however, it does not have to be the primary login method for your community.
    SAML v2 options, Order selector is set to First
  6. Click Save.

The Medallia Ideas sign-in screen now includes the new sign-in option.