Configuring Okta
Getting ready
As an administrator, log in to Okta and click the Admin button at the top right of the screen. From here, click "Developer Console > Classic UI" at the top left of the screen.
Note that you will need to complete the below steps twice, once for desktop and once for mobile. Where the mobile configuration differs, it will be noted.
Configuration steps
1. Add a new application
Add a new application by clicking the Add Applications link, which is located under Shortcuts on the right-hand side of the screen. Click the Create New App button and complete the details as seen below.
2. Name your application
Enter a name for your new app (e.g. Crowdicity) and upload an image if required.
Differences for mobile
You should name your mobile app something distinct, such as "Crowdicity Mobile".
3. Configuration
Complete the fields as per the screenshot below. You will need to click the Show Advanced Settings link to display all the fields. The values for the Single Sign On URL and Audience Restriction are based on your community URL. See the section "Differences for mobile configuration" to find these values for mobile configuration.
Single Sign On URL:
https://[yourcommunity.crowdicity.com]/saml/module.php/saml/sp/saml2-acs.php/crowdsaml2
Audience Restriction:
https://[yourcommunity.crowdicity.com]/saml/module.php/saml/sp/metadata.php/crowdsaml2
Differences for mobile configuration
"Response" should be set to "Unsigned".
The URLs are different for mobile, and also different for users in different regions:
Single Sign On URLs for mobile
UK | https://mobile.crowdicity.com/proxy/saml |
Australia | https://mobile.crowdicity.com.au/proxy/saml |
Ireland | https://mobile.crowdicity-ie.medallia.com/proxy/saml |
US | https://mobile.crowdicity-us1.medallia.com/proxy/saml |
Audience Restriction for mobile
UK | https://mobile.crowdicity.com/entityDescriptor.xml |
Australia | https://mobile.crowdicity.com.au/entityDescriptor.xml |
Ireland | https://mobile.crowdicity-ie.medallia.com/entityDescriptor.xml |
US | https://mobile.crowdicity-us1.medallia.com/entityDescriptor.xml |
4. Assertions
Under the section titled Attribute Statements (Optional) you will need to configure the Okta claims. Crowdicity has required assertions that need to be set up as a minimum in order for the SAML configuration to operate correctly. The screenshot below with the highlighted fields is based on the Simple schema for user identities.
You are also able to pass additional assertions into dynamic groups as shown in this screenshot (e.g. department and city). Please refer to https://app.intercom.com/a/apps/bzu0o9yd/articles/articles/4530019/show for more information about dynamic groups.
5. Get metadata
Click the Next button at the bottom of the screen and complete the questions on the final page before clicking Finish. On the next page, click the Identity Provider metadata link to download an XML file, which you will be required to upload into the Crowdicity community (see below).
6. Assign users
The final step is to assign the users. Simply click on the Assignments tab and add the relevant people you wish to allow into the community.
Configuring Crowdicity
Using the metadata from Okta, follow the steps below:
1. From the Crowdicity Admin menu, select Community Settings then Authentication. On this screen, you can select the authentication methods your community will use, and the order that they are presented in.
The Crowdicity account login method can't be removed; however, it does not have to be the primary login method for your community. If you want SAMLv2 to appear first, you can choose the order in which each login method appears by clicking Order and selecting
2. Click Submit your metadata to pop up a new window, and then click Submit new metadata.
3. Paste your XML metadata into this box, and click submit. If the metadata is accepted, the screen will refresh and your endpoints will be listed, as in the example below.
Repeat this process to submit mobile metadata - you should use the same metadata you used for desktop.
4. Click Enable for the SAMLv2 option, and then click Save at the bottom of the page.
Once this has been done, the Crowdicity login screen will present Organisation login as an option for users on the login page:
Using this option will redirect users to your login screen and return them to Crowdicity upon a successful login.