Okta App

Updated 1 month ago by Elvis Hovor

Introduction

Secure and reliable access to the TruSTAR platform is critical for today’s enterprise teams, and TruSTAR has developed an Okta app to achieve this goal. This article provides a description of the Okta app, and steps required to configure it.

SSO Overview

We are using SAML 2.0 standard to enable SSO with Okta. You can learn more about Okta’s SAML documentation here (https://developer.okta.com/standards/SAML/index). For the purpose of our SSO implementation please keep in mind the following:

IDP - Identity Provider. In our implementation Okta serves as the IDP. For other configurations please contact support@trustar.co

SP- Service Provider. In our implementation TruSTAR is the Service Provider.

Configuration

TruSTAR uses SAML 2.0 to provide SSO capabilities where Okta serves as the Identity Provider (IDP). 

Configuration of Okta SSO is a 3 step process. You will need an Okta Administrator account to complete these steps.

Step 1 - Send TruSTAR the IDP Metadata URL

  1. Download the TruSTAR app from Okta application network. Click on the “Add Apps” button on the top right to start the process.
  2. Search for “TruSTAR” in the Search bar on the left and you should see TruSTAR app show up. Click on “Add” button.
  3. If you are not in Admin mode, click on the “Admin” button on the top right.
  4. Click on “Applications” tab in the top menu.
  5. You should see the TruSTAR app listed. Click on link.
  6. Click on the “Sign On” tab in the top menu bar.
  7. Click on the “Identity Provider metadata” link. This will download a metadata file.
  8. Email the metadata file to okta@trustar.co
  9. Your Okta SSO configuration will be enabled within 24 hours of receiving this metadata file. We will send you a confirmation and you can then proceed to Step 2.

Step 2- Enable Users on Okta

  1. Log into Okta as Admin.
  2. Click on Directory -> People tab
  3. If user exists, click on their name and assign them the TruSTAR app.
  4. If user doesn’t exist, create a new user. Their Okta username has to be the exact email address they use for their TruSTAR station login.

Step 3.a. - Enable SSO for existing user(s) on TruSTAR

You can follow these steps if a user already exists on TruSTAR. Go to Step 3.b. If you are creating a new user on TruSTAR and also want to enable SSO for them.

  1. Log into TruSTAR station (https://station.trustar.co) using a Company Administrator account.
  2. Go to User account management page. You can either paste this link in the browser tab https://station.trustar.co/settings/users , or click on username tab (top right) -> Settings-> Users.
  3. For each user that you want Okta SSO enabled click on the “Edit” (rightmost column in the table)
    1. Then click on “SSO Enabled” and “Save User” button.
After you enable SSO for a specific user they will no longer be able to use their username/password to log into TruSTAR Station. If you disable SSO for a user they will automatically be sent a system generated password reset email.

Repeat #3 for all users in your company you want SSO enabled.

Step 3.b. - Enable SSO for new user(s) on TruSTAR

  1. Log into TruSTAR station (https://station.trustar.co) using a Company Administrator account.
  2. Go to User account management page. You can either paste this link in the browser tab https://station.trustar.co/settings/users , or click on username tab (top right) -> Settings-> Users.
  3. Click on “Add Users” button.
  4. Create the new user. Use the same email address as the one used for their Okta login/SSO.
  5. Click on Save User.
  6. Click on Send Confirmation link for that user. You can find this under Status column.
  7. After the user activates their account, you can follow instructions in Step 3.a.

Using the TruSTAR Okta App

After the Configuration steps are complete all assigned users should see the TruSTAR app tile when they log into their Okta account.

At this point users can click on the app tile and they will be directly logged into TruSTAR Station.

Troubleshooting & FAQ's

  • API Credentials - Okta SSO does not impact your API credentials. They will remain unchanged. Usage of Python SDK or any other vendor integrations will remain unaffected when you switch a user from non-SSO to SSO enabled.
Please reach out to support@trustar.co for any additional questions.


How Did We Do?