How to: Configure an Okta application
Disclaimer: This How-To guide does not intend to be an all-inclusive and complete Okta configuration guide. It intends only to document the specific steps needed to point Okta at an environment built by the quickstart and to set the attributes the application expects. At a high level, there are two pieces of non-predictable information (UserPoolId and UserPoolClientDomain) derived from an environment that must be plugged into Okta; that is what this guide documents.
This How-To walks through configuring an existing Okta SAML application to point back to a quickstart environment's Cognito installation. For this guide, we use the fictional example of the 'mybranch' environment and step through configuring an Okta application to be connected to that environment. You will need the following:
- An Okta SAML Application.
- Admin permissions for the Okta Application.
- The user pool id of the mybranch environment. This can be found by looking at CloudFormation stack outputs for the ui-auth-mybranch stack, and finding the UserPoolId output value.
- The Cognito user pool client domain for the mybranch environment. This can be found by looking at CloudFormation stack outputs for the ui-auth-mybranch stack, and finding the UserPoolClientDomain output value.
- Log in to the Okta application that is being configured.
- Click the Admin button located near the top right.
- On the left menu, click Applications, then Applications again.
- Click on the application that is being configured.
- Click the General tab.
- Under SAML Settings, click Edit.
- Click Next at the bottom of the page.
- For Single sign on URL, enter: https://<value of UserPoolClientDomain>/saml2/idpresponse. For example, what you enter should look similar to https://mybranch-login-2nrvpmnp9siqu2840m307u7nc5.auth.us-east-1.amazoncognito.com/saml2/idpresponse
- Check the box titled "Use this for Recipient URL and Destination URL".
- For Audience URI (SP Entity ID), enter: urn:amazon:cognito:sp:<value of UserPoolId>. For example, what you enter should look similar to urn:amazon:cognito:sp:us-east-1_p2yc1h2jK
- Set the Application username field/box to Okta username.
- Set the Attribute Statements section according to the following table:
Name | Name Format | Value | Notes |
---|---|---|---|
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | Unspecified | user.email | Default Cognito Attribute |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | Unspecified | user.firstName | Default Cognito Attribute |
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | Unspecified | user.lastName | Default Cognito Attribute |
- Click Next.
- Click Finish.
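The two derived values and the attribute table above, worked through as an added example that is not part of the quickstart project or of Okta's own tooling: the script derives the Single sign on URL and Audience URI from the ui-auth-mybranch stack outputs, then checks a SAML Response for consistency with them (Destination, Recipient, Audience, and the three attribute names with an Unspecified name format). The stack outputs JSON is a constructed stand-in for what `aws cloudformation describe-stacks --stack-name ui-auth-mybranch` returns, and the SAML Response is a constructed, unsigned sample; signature validation is Cognito's job and is not shown here.

```python
"""Derive Okta SAML settings from quickstart stack outputs and sanity-check a SAML Response.

Added example; not part of the quickstart repo. Values below are constructed samples
that mirror the ones used in the How-To.
"""
import json
import xml.etree.ElementTree as ET

# Constructed stand-in for `aws cloudformation describe-stacks --stack-name ui-auth-mybranch`.
SAMPLE_DESCRIBE_STACKS = json.dumps({
    "Stacks": [{
        "StackName": "ui-auth-mybranch",
        "Outputs": [
            {"OutputKey": "UserPoolId", "OutputValue": "us-east-1_p2yc1h2jK"},
            {"OutputKey": "UserPoolClientDomain",
             "OutputValue": "mybranch-login-2nrvpmnp9siqu2840m307u7nc5.auth.us-east-1.amazoncognito.com"},
        ],
    }]
})

# Attribute names from the Attribute Statements table; "Unspecified" in the Okta UI is this URN.
REQUIRED_ATTRIBUTES = {
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def stack_outputs(describe_stacks_json, stack_name):
    """Map OutputKey -> OutputValue for one stack in describe-stacks JSON."""
    doc = json.loads(describe_stacks_json)
    for stack in doc["Stacks"]:
        if stack["StackName"] == stack_name:
            return {o["OutputKey"]: o["OutputValue"] for o in stack.get("Outputs", [])}
    raise KeyError(f"stack {stack_name!r} not found in describe-stacks output")


def okta_settings(outputs):
    """Build the two Okta values the How-To asks for from the stack outputs."""
    return {
        "single_sign_on_url": f"https://{outputs['UserPoolClientDomain']}/saml2/idpresponse",
        "audience_uri": f"urn:amazon:cognito:sp:{outputs['UserPoolId']}",
    }


OUTPUTS = stack_outputs(SAMPLE_DESCRIBE_STACKS, "ui-auth-mybranch")
SETTINGS = okta_settings(OUTPUTS)

# Constructed, unsigned SAML Response shaped like what Okta posts to /saml2/idpresponse.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0" Destination="{SETTINGS['single_sign_on_url']}">
  <saml:Assertion ID="_a1" Version="2.0">
    <saml:Subject>
      <saml:NameID>jane.doe@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{SETTINGS['single_sign_on_url']}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>{SETTINGS['audience_uri']}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" NameFormat="{UNSPECIFIED}"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" NameFormat="{UNSPECIFIED}"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" NameFormat="{UNSPECIFIED}"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def verify_response(response_xml, settings):
    """Return a list of mismatches between a SAML Response and the expected settings (empty = consistent)."""
    problems = []
    # For responses captured from untrusted sources, parse with defusedxml instead of the stdlib parser.
    root = ET.fromstring(response_xml)
    if root.get("Destination") != settings["single_sign_on_url"]:
        problems.append(f"Destination {root.get('Destination')!r} != single sign on URL")
    confirmation = root.find(".//saml:SubjectConfirmationData", NS)
    if confirmation is None or confirmation.get("Recipient") != settings["single_sign_on_url"]:
        problems.append("Recipient does not match the single sign on URL")
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if settings["audience_uri"] not in audiences:
        problems.append(f"Audience {audiences} does not include {settings['audience_uri']}")
    # Absent NameFormat defaults to unspecified per the SAML 2.0 core spec.
    seen = {a.get("Name"): a.get("NameFormat", UNSPECIFIED) for a in root.findall(".//saml:Attribute", NS)}
    for name in sorted(REQUIRED_ATTRIBUTES - set(seen)):
        problems.append(f"missing attribute {name}")
    for name, fmt in seen.items():
        if name in REQUIRED_ATTRIBUTES and fmt != UNSPECIFIED:
            problems.append(f"{name} has NameFormat {fmt}, expected Unspecified")
    return problems


if __name__ == "__main__":
    print(json.dumps(SETTINGS, indent=2))
    print("problems:", verify_response(SAMPLE_RESPONSE, SETTINGS) or "none")
```

To use it against a real environment, replace SAMPLE_DESCRIBE_STACKS with the actual describe-stacks output for your ui-auth-<branch> stack, and feed verify_response a decoded SAMLResponse captured from a browser's developer tools; any non-empty result points at the Okta field (Single sign on URL, Audience URI, or an attribute statement) that was entered incorrectly.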