|| Log in to the Service Provider (Cisco Unified Communications Manager) and download the metadata XML file.|
||Log in to the Okta server user interface and click Admin tab.|
||From the Okta dashboard, select .|
||From the Applications window, click the Add Application button. Various options to create an application or to choose from existing applications appear. |
||Click Create New App to use wizard to create new application integration.|
||On the Create a New Application Integration window, from the Platform drop-down list, choose Web and for the Sign On method field, choose SAML 2.0. |
||Enter a name for the application and click Next.|
||On the Create SAML Integration window, enter the details for fields of the General Settings tab, and click Next.|
||Enter details for the following mandatory fields for SAML Settings. These details are available in the metadata XML file that you downloaded from the Service Provider. |
- Single sign on URL—From the metadata file, enter the SSO URL of the publisher node. You can find this by searching for the information on index 0 of the AssertionConsumerService and enter the details for this field.
- Use this for Recipient URL and Destination URL—Check this option to enable matching of the recipient and destination URLs.
- Allow this app to request other SSO URLs—Check this option if you have multiple nodes in your UC deployment and you want to allow requests from other SSO URLs besides the publisher.
- Requestable SSO URLs—This field appears only if you check the above check box. You can enter SSO URLS for your other nodes. You can find the ACS URLs in the metadata file by searching for all the AssertionConsumerService (ACS) addresses that use the HTTP-POST Binding. Add those details for this field. Click the Add Another button to add multiple URLs.
You do not need to add HTTP-Redirect URLs to this field.
- Audience URI (SP Identity ID)—From the metadata file, search for the entityID address and enter the details for this field.
- Name ID Format—Choose Transient from this drop-down list.
- Application username—Choose the username format that matches the UserID field that is available in the Cisco Unified Communications Manager cluster.
||(Optional) Enter the attribute UID to the Cisco Unified Communications Manager cluster.
Ensure that the attribute UID value matches the userID field value that is available in Cisco Unified CM Administration on the String.substringBefore(user.email, "@") .
page. Following is an example where the userID is mapped to sAMAccountName via a UID string of
Figure 1. Sample UID Mapping
||On the Feedback tab, select “I'm a software vendor. I'd like to integrate my app with Okta” and click Finish.|
||On the Import tab, assign the users or groups that you want to enable, and click Done.|
||On the Sign On tab, click the Identity Provider metadata link to download the Okta metadata file.|
||Open the downloaded metadata file, change the two lines of NameIDFormat to <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>, and then save the file.|