This document explains how to install and configure the Okta App that provides secure and reliable Single Sign On (SSO) access to TruSTAR Station. The Okta App uses the SAML 2.0 standard to enable SSO. You can learn more in Okta’s SAML documentation (https://developer.okta.com/standards/SAML/index).
When using the Okta App for SSO, Okta serves as the Identity Provider (IDP) and TruSTAR is the Service Provider (SP).
Setting up TruSTAR with Okta is a three-step process:
- Install the Okta app.
- Enable users in Okta.
- Enable users in TruSTAR.
Installing the Okta App
- Download the TruSTAR app from the Okta application network. Click the Add Apps button on the top right to start the process.
- Search for TruSTAR in the Search bar on the left. Click Add on the TruSTAR popup.
- If you are not in Admin mode, click Admin on the top right of the Okta window.
- Click the Applications tab in the top menu.
- You should see the TruSTAR app listed. Click on that link.
- Click the Sign On tab in the top menu bar.
- Click the Identity Provider metadata link. This will download a metadata file.
- Email TruSTAR Support to request activation:
  - Email address: firstname.lastname@example.org
  - Subject line format: <Your company name> - Okta metadata. For example: ABC Co - Okta metadata
  - Body of email: Link to the metadata file (for example, https://dev-xxxxxx.oktapreview.com/app/xxxxx/sso/saml/metadata)
Your Okta SSO configuration will be enabled within two business days of TruSTAR receiving this email. TruSTAR will send you a confirmation and you can then proceed to enable users in Okta.
Enabling Users in Okta
- Log into Okta as Admin.
- Click Directory in the blue menu bar, then click People on the dropdown menu.
- If the user exists, click their name and assign them the TruSTAR app.
- If the user doesn’t exist, create a new user. A new user's Okta username must be the same email address they will use when logging into TruSTAR Station.
Enabling SSO in TruSTAR
Users must have an account with TruSTAR Station before you can enable SSO for them.
- Log into TruSTAR Station using a Company Administrator account.
- Go to the User Account Management page. You can either paste this link into the browser's address bar: https://station.trustar.co/settings/users, or click the username tab (top right) -> Settings -> Users.
- For each user that you want to enable, click Edit (rightmost column in the table).
- Click SSO Enabled.
- Click Save User.
- Repeat steps 3-5 for each user in your company that you want to enable for Okta SSO.
Using the Okta App
After the configuration steps are completed, users should see the TruSTAR app tile when they log into their Okta account.
The user can click on the app tile to be directly logged into TruSTAR Station.
Okta SSO does not impact or change API credentials. Usage of the Python SDK or any other vendor integrations will remain unaffected when you switch a user from non-SSO to SSO enabled.