🏛️Okta Integration

This article describes the process of integrating Arnica with Okta SSO

Okta integration instructions

By integrating Arnica with Okta single sign on (SSO) you can ensure that all users authenticating with Arnica are doing so through your organizations-managed Okta provisioning and de-provisioning. The setup of the integration requires taking steps on Arnica and Okta. Below are the details.

Get organization identified in Arnica

Sign into Arnica https://app.arnica.io/ and click on your avatar.
Select Edit Account
Copy the Organization ID (we will call it YOUR_ARNICA_ORGANIZATION_ID in the next steps in this guide).

Add app integration in Okta

The following steps must be completed by an Okta administrator:

Go to the following URL: https://{YOUR_OKTA_ADMIN_DOMAIN}.okta.com/admin/apps/active. For example: https://company-admin.okta.com/admin/apps/active. This page will result in a 404 error if you do not have permissions.
Click on Create App Integration button.
In the dialog that opens, select SAML 2.0
In General Settings, set the following:
App name: Arnica App logo: you can download the logo from here and upload it to Okta
In Configure SAML -> A: SAML Settings
1. In General
  A. Single sign-on URL: enter https://arnica-prod.us.auth0.com/login/callback?connection={YOUR_ARNICA_ORGANIZATION_ID}
  B. Audience URI (SP Entity ID): enter urn:auth0:arnica-prod:{YOUR_ARNICA_ORGANIZATION_ID} C. Leave the other fields with their default value.
2. In “Attribute Statements”: add the following mappings (These statements are case sensitive)
  Name
  Name format
  Value
  email
  Unspecified
  user.email
  given_name
  Unspecified
  user.firstName
  family_name
  Unspecified
  user.lastName
  email_verified
  Unspecified
  true
3. In "Group Attribute Statements": add the following mapping:
  Name
  Name format
  Filter
  groups
  Unspecified
  Starts with: arnica-
  ⚠️ IMPORTANT: The filter must match the directory groups, i.e. for the above it will send only groups that start with arnica- (case sensetive)
4. Click Next (Though the section title says “Optional” this step is required for Arnica integration)
5. In Feedback
  A. Are you a customer or partner? Mark “I'm an Okta customer adding an internal app”
  B. Leave other fields empty and click Finish
Under Sign On -> Settings -> Sign on methods -> SAML 2.0, click on More details

1. Copy the Sign on URL

2. Download the Signing Certificate

Send the following to support@arnica.io the following information.
1. Subject: SSO Onboarding Request
2. Email domain: the domain for which you would like to setup SSO, e.g., yourcompany.com
3. Arnica Organization ID: your arnica organization ID obtained earlier.
4. Sign on URL: the Sign on URL from the step above.
5. Attach the Signing Certificate from the step above.
6. Leave a contact phone number and available times for Arnica’s customer success to help with the onboarding process.
7. We are typically fast at responding to these requests, but please allow up to 1-2 business days to get confirmation.

PreviousData Handling

Last updated 6 months ago

Add app integration in Okta

The following steps must be completed by an Okta administrator:

Go to the following URL: https://{YOUR_OKTA_ADMIN_DOMAIN}.okta.com/admin/apps/active. For example: https://company-admin.okta.com/admin/apps/active. This page will result in a 404 error if you do not have permissions.

Click on Create App Integration button.

In the dialog that opens, select SAML 2.0

In General Settings, set the following:

App name: Arnica App logo: you can download the logo from here and upload it to Okta

In Configure SAML -> A: SAML Settings

In General
A. Single sign-on URL: enter https://arnica-prod.us.auth0.com/login/callback?connection={YOUR_ARNICA_ORGANIZATION_ID}
B. Audience URI (SP Entity ID): enter urn:auth0:arnica-prod:{YOUR_ARNICA_ORGANIZATION_ID} C. Leave the other fields with their default value.
In “Attribute Statements”: add the following mappings (These statements are case sensitive)
Name
Name format
Value
email
Unspecified
user.email
given_name
Unspecified
user.firstName
family_name
Unspecified
user.lastName
email_verified
Unspecified
true
In "Group Attribute Statements": add the following mapping:
Name
Name format
Filter
groups
Unspecified
Starts with: arnica-
image
⚠️ IMPORTANT: The filter must match the directory groups, i.e. for the above it will send only groups that start with arnica- (case sensetive)
Click Next (Though the section title says “Optional” this step is required for Arnica integration)
In Feedback
A. Are you a customer or partner? Mark “I'm an Okta customer adding an internal app”
B. Leave other fields empty and click Finish

Under Sign On -> Settings -> Sign on methods -> SAML 2.0, click on More details

1. Copy the Sign on URL

2. Download the Signing Certificate

Send the following to support@arnica.io the following information.

Subject: SSO Onboarding Request
Email domain: the domain for which you would like to setup SSO, e.g., yourcompany.com
Arnica Organization ID: your arnica organization ID obtained earlier.
Sign on URL: the Sign on URL from the step above.
Attach the Signing Certificate from the step above.
Leave a contact phone number and available times for Arnica’s customer success to help with the onboarding process.
We are typically fast at responding to these requests, but please allow up to 1-2 business days to get confirmation.