Skip to main content

Configure SSO With Okta

availability
Platform:WebMobile
Plan Type:BasicEssentialPremiumEnterprise
User Type:RequesterFull UserAdministrator

This article explains how to set up single sign-on (SSO) for MaintainX using Okta as the identity provider (IdP).

Requirements​

  • A MaintainX Enterprise account.
  • An Administrator user profile with access to the MaintainX organizations you want to set up SSO for.
  • Access to the Okta administrator console with the privileges needed to set up SSO.

Get Your MaintainX Configuration Information​

  1. Log into MaintainX as an Administrator.

  2. From the sidebar, open the Settings menu and select Customizations.

  3. On the Customizations tab, go to Single Sign-On (SSO) Self-Serve and select Set SSO Preferences.

    • If MaintainX doesn't have IdP information for your organization, the Register Identity Provider dialog opens.​

      Select Create to generate your IdP information and open the Single Sign-On Configuration dialog.​

    • If MaintainX does have IdP information for your organization, the Single Sign-On Configuration dialog opens right away.​

tip

Leave the Single Sign-On Configuration dialog open. During the configuration, you will need to copy some values from Okta into MaintainX and copy some values from MaintainX into the Okta administrator console.

Create an Application in Okta​

  1. Log into the Okta administrator console.
  2. From the sidebar, select Applications > Applications.
  3. Select Create App Integration. The Create a new app integration dialog opens.
  4. Select SAML 2.0 as the Sign-in method.
  5. Select Next. The Create SAML Integration options appear.
  6. On the General Settings tab, enter a name for your app in the App name field. Then select Next.

Copy Your SSO URLs from MaintainX to Okta​

In the Okta administrator console:

  1. On the Configure SAML tab, go to the General section.

  2. Enter the URLs from the MaintainX Single Sign-On Configuration in the correct fields:

    Copy this value from MaintainXInto this field in Okta
    ACS URL
    Starts with: https://maintainx.okta.com/sso/saml2/    		Single sign-on URL
    Entity ID (Audience URI)
    Starts with: https://www.okta.com/saml2/service-provider/    		Audience URI (SP Entity ID)
    Start URL
    Starts with: https://app.getmaintainx.com/auth/login/saml/    		Default Relay State

Define the Attribute Statements​

In the Okta administrator console:

  1. On the Configure SAML tab, go to the Attribute Statements (optional) section.

  2. Add the following attribute statements, configured as follows:

    NameName FormatValue
    emailUnspecifieduser.email
    firstNameUnspecifieduser.firstName
    lastNameUnspecifieduser.LastName

  3. Select Next.

Finish the Application Setup​

In the Okta administrator console:

  1. On the Feedback tab, choose whether to answer the feedback questions.
  2. When you're ready, select Finish.

Download Your SAML Signing Certificate​

You need a SAML signing certificate to make Okta an identity provider in MaintainX.

In the Okta administrator console:

  1. From the sidebar, select Applications > Applications.
  2. In the Applications list, select the application you just created.
  3. In the application settings, go to the Sign On tab.
  4. Navigate to the SAML Signing Certificate section.
  5. In the certificates table, locate the row for the active certificate (Status is Active).
  6. Select Actions > Download Certificate.

Copy Your IdP Configuration Settings From Okta to MaintainX​

In the Okta administrator console:

  1. From the sidebar, select Applications > Applications.

  2. In the Applications list, select the application you just created.

  3. In the application settings, go to the Sign On tab.

  4. Navigate to the Settings > Sign on methods > SAML 2.0 section.

  5. Copy the URLs in the following fields. You will need to provide them to MaintainX.

    • Sign on URL
    • Issuer

In MaintainX:

  1. Open the Single Sign-On Configuration dialog.
  2. Go to the Identity Provider Configuration settings.
  3. Enter the following values from the Okta administrator console:
Copy this value from OktaInto these fields in MaintainX
Sign on URL
Sign on URL starts with https://{YOUR ORGANIZATION}.oktapreview.com/app/​		Single Sign On (SSO) URL
and
Destination
Issuer
​The Issuer starts with https://www.okta.com/		Issuer URI

Upload Your SAML Signing Certificate to MaintainX​

In MaintainX:

  1. Open the Single Sign-On Configuration dialog.
  2. Select Certificate > Upload.
  3. Select the certificate you downloaded from Okta earlier, and submit it.

Next Steps​

After you configure SSO, there are a few more things you need to do to finish the setup.

  • Test your SSO setup.
  • Map your domains.
  • Set the default account type for new users.
  • Migrate your existing users to SSO.
  • Enable SSO for your other MaintainX organizations.

For more information, see Set Up SSO.