
OKTA SAML Configuration


10/16/2024

User Manual: SAML Setup Using OKTA


Introduction
This manual provides step-by-step instructions on how to configure Single Sign-On (SSO) for
CoLOS applications using OKTA. The integration allows secure authentication of users and
groups in the CoLOS system via OKTA.

Pre-requisites:
• Ensure WebAPI, PUI, and CAT security are configured using HTTPS.
• Set CoLOS security level to medium or high before proceeding.

Setting Up an OKTA Developer Account


1. Navigate to the OKTA developer sign-up page: OKTA Developer.

2. Enter the required information and click Sign up. You will receive the verification email.
Click Active.

3. Follow the instructions to create a new password and click Reset Password.
4. Click Setup and verify your password.

5. Download and install the Okta Verify app on your mobile device.

6. Set up your account in the app and enter the verification code. Click Verify.

7. The OKTA home page opens.

Managing Users
Adding a New User
1. Log in to the OKTA portal.
2. Go to Directory > People.
3. Click Add person.
4. Enter the required user details.
5. Click Save.

Result: The new user is created in the directory.

Groups
Creating a Group
1. Go to Directory > Groups.
2. Click Add group.
3. Enter the required information for the group. Use the following format for group names:
OKTA-COLOS<Role Name> (e.g., OKTA-COLOS_Administrator).
4. Click Save.

Result: The user is created in the directory.

Adding Users to a Group


1. Go to Directory > Groups.
2. Click the appropriate group name from the list to expand the details pane and to add
users.
3. Click the Assign people tab and select + next to the user to add them to the group.

Configuring Applications in OKTA


Predefined CoLOS Applications:
Use the following application names during integration:
• CoLOS Administrator: CoLOSAdministrator
• CoLOS Designer: CoLOSDesigner
• CoLOS OEE: OEE
• CoLOS PUI: PUI
• CoLOS Application Toolkit: cat
• CoLOS Data Management: CoLOSDataManagement
• CoLOS Design Control: DesignControl

Adding CoLOS Administrator Application in OKTA


1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab and click Create App Integration.

3. Select SAML 2.0 as the sign-in method, then click Next.

4. On the General settings page, enter the app name (e.g., CoLOS Administrator (SAML)).

5. On the Configure SAML page, in SAML settings, enter:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

6. In Group Attribute Statements (optional), set the attributes to:
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group prefix field blank if the group name doesn’t have a prefix (e.g., group name: Administrator).

7. Select the "It's required to contact the vendor to enable SAML" radio button. Click Finish.

Result: The CoLOS Administrator application is added to OKTA.

8. Go to the specific application and navigate to the Sign On tab. Click View SAML setup instructions to download the certificate.

9. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning App to the Groups
1. Go to the Applications tab, select the application, then navigate to the Assignments tab.
2. Click Assign and select Assign to Groups.
3. Choose the desired group from the list, then click Assign and Done.

Result: The application is assigned to the group.

Assigning App to the Users
1. Go to the Applications tab, select the application, then navigate to the Assignments tab.
2. Click Assign and select Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Integrating Identity Platform with CoLOS:


1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL from OKTA
   • Issuer: Identity Provider Issuer in OKTA.

2. On the General section, fill in the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     This is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave the Group prefix field blank if the group name doesn’t have a prefix (e.g., group name: Administrator).

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.
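
One way to sanity-check a captured sign-on against the values configured in the steps above, as an added example that is not part of this manual, CoLOS or Okta. The host name, issuer value and the Operator group are constructed, and stripping the Group Prefix to obtain the role name is an assumption about how CoLOS maps groups; the script does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Application names from the manual's "Predefined CoLOS Applications" list.
COLOS_APPS = {"CoLOSAdministrator", "CoLOSDesigner", "OEE", "PUI", "cat",
              "CoLOSDataManagement", "DesignControl"}

# Values the administrator intended to configure (host and issuer are constructed).
EXPECTED = {
    "sso_url": "https://colos01.example.test:9340/UserAuthApi/SamlLoginResponse",
    "audience": "http://www.okta.com/Audience",
    "issuer": "http://www.okta.com/EXAMPLE-ISSUER",
    "group_attribute": "Groups",
    "group_prefix": "OKTA-COLOS_",
}

# Constructed, unsigned sample response; a real one also carries a ds:Signature.
SAMPLE_XML = """<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://colos01.example.test:9340/UserAuthApi/SamlLoginResponse">
  <saml:Issuer>http://www.okta.com/EXAMPLE-ISSUER</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>http://www.okta.com/EXAMPLE-ISSUER</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>http://www.okta.com/Audience</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="Groups">
        <saml:AttributeValue>OKTA-COLOS_Administrator</saml:AttributeValue>
        <saml:AttributeValue>OKTA-COLOS_Operator</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()


def _text(node):
    """Stripped text of an element, or '' when the element is missing."""
    return (node.text or "").strip() if node is not None else ""


def check_response(saml_response_b64, relay_state, expected):
    """Return (roles, problems) for one captured SAMLResponse / RelayState pair."""
    raw = base64.b64decode(saml_response_b64)
    # A SAML response never needs a DTD; refuse one instead of parsing entities.
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD or entity declaration in SAML response")
    root = ET.fromstring(raw)
    problems = []

    # Single Sign-On URL entered in Okta; the prerequisites require HTTPS.
    dest = root.get("Destination", "")
    if dest != expected["sso_url"]:
        problems.append(f"Destination {dest!r} is not the configured Single Sign-On URL")
    if not dest.startswith("https://"):
        problems.append("Destination is not an HTTPS URL")

    issuer = _text(root.find("saml:Assertion/saml:Issuer", NS))
    if issuer != expected["issuer"]:
        problems.append(f"Issuer {issuer!r} does not match the Identity Provider Issuer")

    audiences = [_text(a) for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    if expected["audience"] not in audiences:
        problems.append(f"Audience {audiences!r} lacks {expected['audience']!r}")

    # Group attribute statement: every value should carry the Group Prefix.
    attr, prefix = expected["group_attribute"], expected["group_prefix"]
    groups = [_text(v) for v in root.findall(
        f".//saml:Attribute[@Name='{attr}']/saml:AttributeValue", NS)]
    roles = []
    for group in groups:
        if group.startswith(prefix) and len(group) > len(prefix):
            roles.append(group[len(prefix):])  # assumed role mapping: strip prefix
        else:
            problems.append(f"group {group!r} does not start with prefix {prefix!r}")
    if not roles:
        problems.append(f"no usable values in the {attr!r} attribute")

    # Default RelayState has the form App=<application name>.
    app = parse_qs(relay_state).get("App", [""])[0]
    if app not in COLOS_APPS:
        problems.append(f"RelayState App {app!r} is not a predefined CoLOS application name")
    return roles, problems
```

Paste the base64 `SAMLResponse` form field and the `RelayState` value from a browser trace of the Test sign-on in place of the sample; an empty problem list means the response matches what was entered in Okta.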

Adding CoLOS Designer Application in OKTA
1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS Designer (SAML)".

6. On the Configure SAML page:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix (e.g., group name: Administrator).

8. Select the radio button "It's required to contact the vendor to enable SAML", then click Finish.

Result: The app is created.

9. Go to the specific application and navigate to the Sign On tab. Click View SAML setup instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS Designer App to the Groups
1. Go to the Applications tab, select the application and navigate to the Assignments tab.
2. Select Assign and click Assign to Groups.
3. Select the group from the list and click Assign and Done.

Result: The application is assigned to the group.

Assigning App to the Users
1. Go to the Applications tab, select the application and navigate to the Assignments tab.
2. Select Assign and click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the user.

Repeat the above procedure to integrate other CoLOS applications with the identity platform.

Integrating an identity platform with CoLOS:


Configure SAML certificates with applications:
1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL in OKTA
   • Issuer: Identity Provider Issuer in OKTA.

2. On the General section, fill in the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave this blank if the group name does not have a prefix.

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.

Adding CoLOS Design Control Application in OKTA


1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS Design Control SAML".

6. On the Configure SAML page:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix.

8. Select the radio button "It's required to contact the vendor to enable SAML", then click Finish.

Result: The app is created.

9. Go to the specific application and navigate to the Sign On tab. Click View SAML setup instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS Design Control App to the Groups


1. Go to the Applications tab, select the application, and navigate to the Assignments tab.
2. Select Assign, then click Assign to Groups.
3. Select the group from the list and click Assign and Done.

Result: The application is assigned to the group.

Assigning App to the Users
1. Go to the Applications tab, select the application, and navigate to the Assignments tab.
2. Select Assign, then click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Repeat the above procedure to integrate other CoLOS applications with the identity platform.

Integrating an Identity Platform with CoLOS:
Configure SAML certificates with applications:
1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Repeat the same steps for other applications and select the respective OKTA certs for apps.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL in OKTA
   • Issuer: Identity Provider Issuer in OKTA.

2. On the General section, fill in the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave this blank if the group name does not have a prefix.

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.

Adding CoLOS Data Management Application in OKTA


1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS Data Management (SAML)".

6. On the Configure SAML page, in SAML settings:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix.

8. Select the radio button "It's required to contact the vendor to enable SAML", then click Finish.

Result: The app is created.

9. Go to the specific application, navigate to the Sign On tab and click View SAML setup
instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS Data Management App to Groups
1. Go to Applications, select the application, and navigate to the Assignments tab.
2. Select Assign, then click Assign to Groups.
3. Select the group from the list and click Assign and Done.

Result: The application is assigned to the group.

Assigning CoLOS Data Management App to the Users
1. Go to Applications, select the app and navigate to the Assignments tab.
2. Select Assign and click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Integrating an Identity Platform with CoLOS:


Configure SAML certificates with applications:
1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL in OKTA
   • Issuer: Identity Provider Issuer in OKTA.

2. On the General section, fill in the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave this blank if the group name does not have a prefix.

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.

Adding CoLOS Data Management Application in OKTA


1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS Data Management (SAML)".

6. On the Configure SAML page, in SAML settings:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix.

8. Select the radio button "It's required to contact the vendor to enable SAML", then click Finish.

Result: The app is created.

9. Go to the specific application, navigate to the Sign On tab and click View SAML setup
instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS Data Management App to the Groups
1. Go to the Applications tab, select the application, then navigate to the Assignments tab.
2. Select Assign and click Assign to Groups.
3. Select the group from the list and click Assign and Done.

Result: The application is assigned to the group.

Assigning CoLOS Data Management App to the Users
1. Go to the Applications tab, select the application, then navigate to the Assignments tab.
2. Select Assign and click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Integrating an Identity Platform with CoLOS:


Configure SAML certificates with applications:
1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Repeat the same steps for other applications and select the respective OKTA certs for apps.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL in OKTA
   • Issuer: Identity Provider Issuer in OKTA.

2. On the General section, fill in the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave the Group Prefix field blank if there is no prefix.

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.

Adding CoLOS PUI Application in OKTA


1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS PUI (SAML)".

6. On the Configure SAML page, in SAML settings:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix.

8. Select the radio button "It's required to contact the vendor to enable SAML", then click Finish.

Result: The app is created.

9. Go to the specific application and navigate to the Sign On tab. Click View SAML setup instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS PUI App to the Groups
1. Go to Applications, select the app and navigate to the Assignments tab.
2. Select Assign and click Assign to Groups.
3. Select the group from the list and click Assign and Done.

Result: The application is assigned to the group.

Assigning CoLOS PUI App to the Users
1. Go to Applications, select the app and navigate to the Assignments tab.
2. Select Assign and click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Integrating an Identity Platform with CoLOS:


Configure SAML certificates with applications:
1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL in OKTA
   • Issuer: Identity Provider Issuer in OKTA. (Refer to URL and Issuer)

2. On the General section, fill out the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave the Group Prefix field blank if there is no prefix.

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.

Adding CoLOS OEE Application in OKTA
1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS PUI (SAML)".

6. On the Configure SAML page, in SAML settings:
   • Single Sign-On URL: https://Servername:9340/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix.

8. Select the radio button "It's required to contact the vendor to enable SAML", then click Finish.

Result: The app is created.

9. Go to the specific application and navigate to the Sign On tab. Click View SAML setup instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS PUI App to the Groups
1. Go to the Applications tab, select the application, and navigate to the Assignments tab.
2. Select Assign and click Assign to Groups.
3. Select the group from the list and click Assign and Done.

Result: The application is assigned to the group.

Assigning CoLOS PUI App to the Users
1. Go to the Applications tab, select the application, and navigate to the Assignments tab.
2. Select Assign and click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Integrating an identity platform account with CoLOS:


Configure SAML certificates with applications:
1. To import the certificate:
   • Go to System Properties > Certificate Management. Select Import next to CoLOS Administrator SAML.
   • Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

2. Go to the Search bar and type Services. Search for Markem-imaje Connectivity, right-click it and select Restart.

3. Go to Security Level and select High Security. Choose SAML 2.0 - XML Based Authentication from the Protocol drop-down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Repeat the same steps for other applications and select the respective OKTA certs for apps.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. On the Apps section, expand the section for the application and enter the following:
   • Destination URL: Identity Provider Single Sign-On URL in OKTA
   • Issuer: Identity Provider Issuer in OKTA.

2. On the General section, fill in the following mandatory fields:
   • Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   • Group Attribute: Groups
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave the Group Prefix field blank if there is no prefix.

3. Click Test, enter your credentials and click Sign on.

Authentication needs to be successful in Test Information

4. Restart the CoLOS application, then log in using your OKTA credentials.

Click CoLOS User Login to login with your CoLOS login credentials.

Adding CoLOS CAT Application in OKTA


1. Log in to the OKTA portal using an account with administrative rights (https://okta-devok12.okta.com/).
2. Go to the Applications tab.
3. Click Create App Integration.

4. Select SAML 2.0 as the sign-on method, then click Next.

5. On the General settings page, enter the app name, e.g., "CoLOS CAT

6. On the Configure SAML page, in SAML settings:
   • Single Sign-On URL: https://Servername:8084/UserAuthApi/SamlLoginResponse

     Replace Servername with your actual server name.

   • Audience URI: http://www.okta.com/Audience
   • Default RelayState: App=Application name (refer to App names)

7. In Group Attribute Statements (optional):
   • Name: Groups
   • Filter: Starts with
   • Group Prefix: OKTA-COLOS_

     The Group prefix is the prefix of CoLOS groups created in the identity platform (e.g., if the group name is OKTA-COLOS_Administrator, then the group prefix is OKTA-COLOS_).

     Leave the Group Prefix field blank if there is no prefix.

8. Select the radio button "It's required to contact the vendor to enable SAML". Click Finish.

Result: The app is created.

9. Go to the specific application and navigate to the Sign On tab. Click View SAML setup instructions to download the certificate.

10. Note the Identity Provider Single Sign-On URL and Identity Provider Issuer and
download the certificate.

Assigning CoLOS PUI App to Groups
1. Go to Applications, select the application and navigate to the Assignments tab.
2. Select Assign and click Assign to Groups.
3. Select the group from the list, click Assign and then click Done.

Result: The application is assigned to the group.

Assigning CoLOS CAT App to Users

1. Go to the Applications tab, select the application and navigate to the Assignments tab.
2. Select Assign and click Assign to People.
3. Choose the users to assign, then click Assign and Done.

Result: The application is assigned to the selected users.

Integrating an Identity Platform with CoLOS:
Configure SAML certificates with applications:
1. Open SQL and add the following details in the scUser table.
   Refer to the following figure.

   - scName - username
   - scRole - groupname
   - scStation - Profiles created in Toolkit

2. Open Toolkit, navigate to Configuration > Security, and change the Security Mode to User Log On. Select the check boxes to enable User Defines Station and Use authentication modes configured in CoLOS Enterprise other than LDAP.

3. To add a role, click and enter the Role Name same as the OKTA group name. Click Save and deploy the project.

4. To import the OKTA certificate:

   - Go to System Properties > Certificate Management. Select Import next to CoLOS Operator Panel SAML.

   - Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

5. To import the CoLOS Toolkit certificate:

   - Go to System Properties > Certificate Management. Select Import next to CAT.
   - Click the three-dot menu next to Certificate file and choose all files. Select the file and click Open. Click Apply.

6. Go to the Search bar and type Services. Find Markem-imaje Connectivity, right-click it, and select Restart.

7. Go to Security Level, Select High Security. Choose SAML 2.0 - XML Based
Authentication from the Protocol drop down. Click Configure.

   Select Medium Security if the High Security option is not available to you.

Integrating CoLOS applications (SAML 2.0) with OKTA:


1. In the Apps section, expand the section for the application and enter the following:

   - Destination URL: Identity Provider Single Sign-On URL in OKTA
   - Issuer: Identity Provider Issuer in OKTA. (Refer to URL and Issuer)

2. In the General section, fill out the following mandatory fields:

   - Audience URL: http://www.provider.com/Audience

     It is the same for all CoLOS applications. You must configure CoLOS Administrator before configuring any other CoLOS applications.

   - Group Attribute: Groups

   - Group Prefix: OKTA-COLOS_

     The Group Prefix is the prefix of the CoLOS groups created in the identity platform (e.g., if the group name is CoLOS_Administrator, then the group prefix is CoLOS_).

     Leave the Group Prefix field blank if there is no prefix.

3. Click Test, enter your credentials, and click Sign on.

   Authentication must be reported as successful under Test Information.

4. Restart the CoLOS application, then log in using your OKTA credentials.

   Click CoLOS User Login to log in with your CoLOS login credentials.
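The following added example (not part of the original manual and not CoLOS or OKTA code) shows what the Issuer, Audience, Group Attribute and Group Prefix settings refer to inside a SAML assertion. The sample assertion, the issuer placeholder, the function name and the rule that the text after the prefix is the role name are assumptions; the manual does not describe how CoLOS performs this mapping internally.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample assertion (unsigned, placeholder issuer); not captured from OKTA or CoLOS.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Issuer>http://www.okta.com/EXAMPLE_ISSUER_ID</saml:Issuer>
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>http://www.okta.com/Audience</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="Groups">
      <saml:AttributeValue>OKTA-COLOS_Administrator</saml:AttributeValue>
      <saml:AttributeValue>OKTA-COLOS_Operator</saml:AttributeValue>
      <saml:AttributeValue>Everyone</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

def roles_from_assertion(xml_text, expected_issuer, expected_audience,
                         group_attribute="Groups", group_prefix="OKTA-COLOS_"):
    """Return (user, roles); raise ValueError if issuer, audience or groups do not match."""
    # Signature verification against the imported IdP certificate must come first; omitted here.
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        raise ValueError(f"unexpected issuer: {issuer!r}")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        raise ValueError(f"audience {expected_audience!r} not in {audiences}")
    user = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    roles = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") != group_attribute:
            continue
        for value in attr.iterfind("saml:AttributeValue", NS):
            group = (value.text or "").strip()
            # Only groups carrying the configured prefix map to roles; an empty prefix accepts all.
            if group and group.startswith(group_prefix):
                roles.append(group[len(group_prefix):])
    if not roles:
        raise ValueError("no group with the configured prefix; user has no role")
    return user, roles
```

In this sketch the audience check passes only when the value the service provider expects is the exact string the identity provider placed in the assertion, and a user whose groups lack the prefix is rejected rather than given a default role.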

The following section explains the standard procedures for logging into applications via OKTA tiles, as well as the methods to launch applications with specific parameters.

Using OKTA Tiles for Application Access


Accessing the OKTA End User Dashboard
To view and launch applications configured with OKTA, follow these steps:
1. Log in to the OKTA portal using your credentials.

2. Click the End User Dashboard button at the top-right corner of the page.

Result: The OKTA End User Dashboard opens, displaying all active apps configured
with OKTA for your account.

To launch the CoLOS Administrator app:

3. From the End User Dashboard, click the CoLOS Administrator tile.

4. A new browser tab will open, prompting you to click the Open button.

Result: The CoLOS Administrator application will be invoked, and you can begin using
the app.

To launch any other web application, such as PUI, follow these steps:
5. Click the appropriate app tile (e.g., PUI) from the OKTA End User Dashboard.

Result: The application will open in a new browser tab without requiring additional credentials.

The roles and permissions assigned within each application will be the
same as the roles configured for the logged-in user in OKTA.

Launch Web app using parameters


In certain cases, you may need to launch a web application with specific parameters, such as
station, language, or touchscreen settings. Follow these steps:
1. Go to the OKTA End User Dashboard and click the Add Apps button.

2. In the Search bar, type Bookmark, then click the Bookmark button that appears in the search results.

3. Add the required URL and app name. For example:
   - URL: https://Servername:8084/?Language=XLanguage
   - App name: CAT_XLanguage
   Click Add bookmark.

Result: A new shortcut will appear as an OKTA tile in your dashboard. Clicking this tile
will launch the application with the parameters specified in the URL.

This document outlines the step-by-step process for integrating CoLOS applications with OKTA using SAML 2.0, ensuring proper configuration and assignment of certificates, groups, and users. It also covers the standard procedures for logging into applications via OKTA tiles, as well as the methods to launch applications with specific parameters.
