Skip to main content

Configure SSO With Okta

availability
Platform:WebMobile
Plan Type:BasicEssentialPremiumEnterprise
User Type:RequesterFull UserAdministrator

This article explains how to set up single sign-on (SSO) for MaintainX® using Okta as the identity provider (IdP).

Requirements​

  • A MaintainX Enterprise account.
  • An Administrator user profile with access to the MaintainX organizations you want to set up SSO for.
  • Access to the Okta administrator console with the privileges needed to set up SSO.

Get Your MaintainX® Configuration Information​

  1. Log into MaintainX as an Administrator.

  2. From the sidebar, open the Settings menu and select Customizations.

  3. On the Customizations tab, go to Single Sign-On (SSO) Self-Serve and select Set SSO Preferences.

    • If MaintainX doesn't have IdP information for your organization, the Register Identity Provider dialog opens.​

      Select Create to generate your IdP information and open the Single Sign-On Configuration dialog.​

    • If MaintainX does have IdP information for your organization, the Single Sign-On Configuration dialog opens right away.​

tip

Leave the Single Sign-On Configuration dialog open. During the configuration, you will need to copy some values from Okta into MaintainX and copy some values from MaintainX into the Okta administrator console.

Create an Application in Okta​

  1. Log into the Okta administrator console.
  2. From the sidebar, select Applications > Applications.
  3. Select Create App Integration. The Create a new app integration dialog opens.
  4. Select SAML 2.0 as the Sign-in method.
  5. Select Next. The Create SAML Integration options appear.
  6. On the General Settings tab, enter a name for your app in the App name field. Then select Next.

Copy Your SSO URLs from MaintainX to Okta​

In the Okta administrator console:

  1. On the Configure SAML tab, go to the General section.

  2. Copy the URLs from the MaintainX Single Sign-On Configuration into the correct fields in the Okta console:

    MaintainX ValueURLOkta Field
    ACS URLhttps://maintainx.okta.com/sso/saml2/<your-maintainx-sso-entity-id>Single sign-on URL
    Entity ID (Audience URI)https://www.okta.com/saml2/service-provider/<your-maintainx-sso-entity-id>Audience URI (SP Entity ID)
    Start URLhttps://app.getmaintainx.com/auth/login/saml/<your-maintainx-sso-entity-id>Default Relay State

Define the Attribute Statements​

In the Okta administrator console:

  1. On the Configure SAML tab, go to the Attribute Statements (optional) section.

  2. Add the following attribute statements, configured as follows:

    NameName FormatValue
    emailUnspecifieduser.email
    firstNameUnspecifieduser.firstName
    lastNameUnspecifieduser.lastName

  3. Select Next.

Finish the Application Setup​

In the Okta administrator console:

  1. On the Feedback tab, choose whether to answer the feedback questions.
  2. When you're ready, select Finish.

Download Your SAML Signing Certificate​

You need a SAML signing certificate to make Okta an identity provider in MaintainX.

In the Okta administrator console:

  1. From the sidebar, select Applications > Applications.
  2. In the Applications list, select the application you just created.
  3. In the application settings, go to the Sign On tab.
  4. Navigate to the SAML Signing Certificate section.
  5. In the certificates table, locate the row for the active certificate (Status is Active).
  6. Select Actions > Download Certificate.
Updating Your Certificate

You have to update your SAML signing certificate periodically. Starting one month before your certificate expires, MaintainX sends email reminders to your organization Administrator every seven days.

To update your certificate, download a new certificate from Okta and upload it to MaintainX (see Upload Your SAML Signing Certificate to MaintainX).

Copy Your IdP Configuration Settings From Okta to MaintainX​

In the Okta administrator console:

  1. From the sidebar, select Applications > Applications.

  2. In the Applications list, select the application you just created.

  3. In the application settings, go to the Sign On tab.

  4. Navigate to the Settings > Sign on methods > SAML 2.0 section.

  5. Copy the URLs in the following fields. You will need to provide them to MaintainX.

    • Sign on URL
    • Issuer
note

If you don't see the fields right away, look in the SAML 2.0 section for the Metadata details and expand the More Details options 1.

Screenshot of the Okta interface showing the 'More Details' options for SAML 2.0 metadata
'More Details' options for SAML 2.0 configuration in the Okta interface

In MaintainX:

  1. Open the Single Sign-On Configuration dialog.

  2. Go to the Identity Provider Configuration settings.

  3. Copy the following values from the Okta administrator console into MaintainX:

    Okta ValueURLMaintainX Field
    Sign on URLhttps://<your-organization>.okta.com/app/<okta-app-name>/<your-okta-sso-app-id>​/sso/samlSingle Sign On (SSO) URL
    Sign on URLhttps://<your-organization>.okta.com/app/<okta-app-name>/<your-okta-sso-app-id>​/sso/saml​Destination
    Issuerhttps://www.okta.com/<your-okta-sso-app-id>Issuer URI

Upload Your SAML Signing Certificate to MaintainX​

In MaintainX:

  1. Open the Single Sign-On Configuration dialog.
  2. Select Certificate > Upload.
  3. Select the certificate you downloaded from Okta earlier, and submit it.

Next Steps​

After you configure SSO, there are a few more things you need to do to finish the setup.

  • Test your SSO setup.
  • Map your domains.
  • Set the default account type for new users.
  • Migrate your existing users to SSO.
  • Enable SSO for your other MaintainX organizations.

For more information, see Set Up SSO.