To configure SSO through Okta, you must provide Precisely support with the following information:

Required information | Description
---|---
IdP SSO endpoint | A publicly accessible login URL.
IdP SLO endpoint | A publicly accessible logoff URL, if different from above.
Expected hash algorithm | For example, SHA1, SHA256 or SHA512.
Sign SAML assertion | Y/N
Sign SAML message | Y/N
Encrypt SAML message | Y/N
Public certificate | If you have provided an encrypted SAML message, please also provide a .CER file to encrypt the message with.
Expected claims |
Additional optional claims | You may wish to send additional claims such as phoneNumber, mobilePhone, jobTitle, or department. If so, please specify the claim names as well. To synchronize these optional claims with users, create fields for a user under Administration :: Security :: Users, where each field's API Name matches the custom claim's property name.

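
The signing, encryption, hash-algorithm and claim rows above can be read off a decoded SAML response from your identity provider before you send the values to support. The following is an added example, not part of the original documentation; the function name `describe_saml_response` and the `SAMPLE` response are constructed for illustration, and the code reports which elements are present without verifying any signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: a trimmed response with a signed assertion and one claim.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature><ds:SignedInfo>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    </ds:SignedInfo></ds:Signature>
    <saml:AttributeStatement><saml:Attribute Name="department"/></saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def describe_saml_response(xml_text):
    """Report which signing and encryption options a decoded SAML Response uses."""
    # A SAML message never needs a DTD; refusing one avoids entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in a SAML message")
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response")
    assertion = root.find("saml:Assertion", NS)
    # Only a direct-child Signature counts as signing that element.
    msg_sig = root.find("ds:Signature", NS)
    asr_sig = assertion.find("ds:Signature", NS) if assertion is not None else None
    algorithms = set()
    for sig in (msg_sig, asr_sig):
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS) if sig is not None else None
        if method is not None:
            # Keep the short name after '#', e.g. rsa-sha256.
            algorithms.add(method.get("Algorithm", "").rsplit("#", 1)[-1])
    claims = []
    if assertion is not None:
        path = "saml:AttributeStatement/saml:Attribute"
        claims = [a.get("Name") for a in assertion.findall(path, NS)]
    return {"sign_message": msg_sig is not None,
            "sign_assertion": asr_sig is not None,
            "encrypted_assertion": root.find("saml:EncryptedAssertion", NS) is not None,
            "signature_algorithms": sorted(algorithms),
            "claims": claims}

if __name__ == "__main__":
    print(describe_saml_response(SAMPLE))
```
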
If using Azure Active Directory, you must create an enterprise application, as follows:

- Sign in to the Microsoft Azure portal, click the portal menu icon, positioned to the top left, then select Azure Active Directory.
- In the right pane, click Enterprise application in the Create area.
- Click Non-Gallery application.
- In the Name field, type Precisely Data3Sixty Govern, or your preferred name for the application, and click Add.
- Click Single sign-on in the left menu, then click SAML.
- In the Basic SAML Configuration, click the pencil to edit.
- You must add an Identifier (Entity ID) value: https://www.okta.com/saml2/service-provider/xxxx (to be provided by Precisely support). Then select this value as the default and remove all other Identifiers.
  - The Reply URL (Assertion Consumer Service URL) is also provided by Precisely Support.
- In the SAML Signing Certificate area, select Download for Certificate (Base64), and download the certificate to your computer.

  Note: You'll need the certificate when you make Azure Active Directory an identity provider in Okta.
- In the Set up Precisely Data3Sixty Govern area (step 4), record the values in these fields:
  - Login URL.
  - Azure AD Identifier.
  - Logout URL.

  Note: You will need these values when interacting with Precisely Support.