This document explains how to install and configure the Okta App to provide secure and reliable Single Sign On (SSO) access to the TruSTAR Web App. The Okta App uses the SAML 2.0 standard to enable SSO. You can learn more in Okta’s SAML documentation (https://developer.okta.com/standards/SAML/index).
When using the Okta App for SSO, Okta serves as the Identity Provider (IDP) and TruSTAR is the Service Provider (SP).
Setting up TruSTAR with Okta is a three-step process:
- Install the TruSTAR App for Okta. (Note that this is different than the TruSTAR Web App.)
- Enable users in Okta.
- Enable users in the TruSTAR Web App.
Installing the TruSTAR App in Okta
- Click the Add Apps button on the top right to start the process of downloading and installing the TruSTAR App.
- Search for TruSTAR in the Search bar on the left. Click Add on the TruSTAR popup.
- If you are not in Admin mode, change to it by clicking Admin on the top right of the Okta window.
- Click the Applications tab in the top menu.
- You should see the TruSTAR app listed. Click on that link.
- Click the Sign On tab in the top menu bar.
- Click the Identity Provider metadata link. This will download a metadata file.
- Email TruSTAR Support to request activation:
  - Email address: email@example.com
  - Subject line format: <Your company name> - Okta metadata. For example: ABC Co - Okta metadata
  - Body of email: Link to the metadata file (for example, https://dev-xxxxxx.oktapreview.com/app/xxxxx/sso/saml/metadata)
Your Okta SSO configuration will be enabled within two business days of TruSTAR receiving this email. TruSTAR will send you a confirmation and you can then proceed to the next step in the process, enabling users in Okta.
Enabling Users in Okta
- Log into Okta as Admin.
- Click Directory in the blue menu bar, then click People on the dropdown menu.
- If the user exists, click their name and assign them the TruSTAR app.
- If the user doesn’t exist, create a new user. A new user's Okta username must be the same email address they will use when logging into the TruSTAR Web App.
Enabling SSO in the TruSTAR Web App
Users must have an account with the TruSTAR Web App before you can enable SSO for them.
1. Log in to the TruSTAR Web App using a Company Administrator account.
2. Go to the User Account Management page. You can either paste this link in the browser tab https://station.trustar.co/settings/users or click User Settings in the Navigation Bar and choose Settings on the dropdown menu.
3. For each user that you want to enable, click Edit (rightmost column in the table).
4. Click SSO Enabled.
5. Click Save User.
6. Repeat steps 3-5 for each user in your company that you want to enable for the Okta SSO functionality.
Using the Okta App
After the Configuration steps are completed, users should see the TruSTAR App tile when they log into their Okta account.
The user can click on that App tile to log in to the TruSTAR Web App.
Okta SSO does not impact or change API credentials. Usage of Python SDK or any other vendor integrations will remain unaffected when you switch a user from non-SSO to SSO-enabled login.
Please reach out to firstname.lastname@example.org for any additional questions.