HowTo: Configuring SAML 2.0 GAM Authentication type using Okta


This document explains the steps to follow in Okta and GAM to configure authentication with Okta as the identity provider (IdP) for GeneXus Access Manager (GAM), using the SAML 2.0 Authentication type.

Okta Configuration:

  1. Go to the Okta website.
  2. Once logged in, click on the profile icon, and click on the Your apps menu option as shown in the image below:

[Screenshot: Your apps menu option under the profile icon]

  3. Follow the steps below to create an application with SAML authentication:

[Screenshots: creating an application with SAML authentication]

  4. Configuration:

[Screenshot: SAML configuration of the application]

Single sign-on URL: URL of the application's local site, following this format:

  • Java: https://<domain>/<base_url>/saml/gam/signin
  • .NET: https://<domain>/<base_url>/Saml2/Acs

Audience URL (SP Entity ID): It can contain any value, but it must be the same value as the one entered in the Service Provider Entity ID field in the GAM back end.

[Screenshot: field names defined in Okta]

The field names defined here will be used in the GAM back end, in the User Information tab, to obtain data about the users.

The rest of the application settings in Okta can be left at their default values.

  5. Once the application is created, go to the Sign On tab and click on the View Setup Instructions button:

[Screenshot: Sign On tab and View Setup Instructions button]

You will be redirected to a site containing what you need to configure GAM.

[Screenshot: setup instructions page]

GAM Configuration:

The GAM back end configuration for this authentication can be found here.

Distinctive aspects of this configuration:

General Tab

[Screenshot: General tab with the highlighted fields numbered 1 to 3]

The highlighted fields depend on the Okta configuration:

  1. As seen in step 4, the value here must be the same as in the Audience URL field in Okta.
  2. It is the Identity Provider Issuer value from step 5.
  3. It must contain the value of Identity Provider Single Sign-On URL also obtained in step 5 of the Okta configuration.
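
A quick way to confirm that the values above line up is to compare a captured SAMLResponse with what was entered in GAM. The following is an added example, not part of GAM or Okta; the function name, the sample XML and all URLs and identifiers in it are constructed for illustration. It checks the Issuer (field 2), the Audience against the Service Provider Entity ID (field 1), and the Destination against the Single sign-on URL from step 4.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def check_saml_response(b64_response, sp_entity_id, idp_issuer, acs_url):
    """Compare a base64 SAMLResponse with the values entered in GAM.

    Diagnostic only: it does not verify the XML signature, so it must never
    be used to decide whether a login is accepted.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    issuer = (root.findtext("saml:Issuer", "", NS) or "").strip()
    if issuer != idp_issuer:
        problems.append(f"Issuer {issuer!r} != configured {idp_issuer!r}")
    audiences = [a.text.strip() for a in root.iterfind(
        "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    # Entity IDs are compared as exact strings: case and trailing slashes count.
    if sp_entity_id not in audiences:
        problems.append(f"Audience {audiences} lacks SP Entity ID {sp_entity_id!r}")
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} != {acs_url!r}")
    return problems

# Constructed sample (unsigned, trimmed to the fields being checked).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.example.com/myapp/saml/gam/signin">
  <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>gam-sp-example</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    # The trailing slash makes the entity ID differ from the Audience.
    for p in check_saml_response(SAMPLE_B64, "gam-sp-example/",
                                 "https://idp.example.com/issuer",
                                 "https://app.example.com/myapp/saml/gam/signin"):
        print("MISMATCH:", p)
```

The SAMLResponse value can be taken from the browser's network trace of the POST to the Single sign-on URL during a test login.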

Credentials Tab

[Screenshot: Credentials tab]

This is a standard configuration. Keep in mind that the certificate of the application was obtained in the last step of the Okta configuration; it will be used in the response part when generating the JKS. For more information, read: HowTo: Generating certificates for authenticating using SAML 2.0 GAM Authentication.

User Information Tab

[Screenshot: User Information tab]

The names defined in Okta must be used for the user attributes.

See also

GAM SAML 2.0 Authentication type
HowTo: Generating certificates for authenticating using SAML 2.0 GAM Authentication