Tutorial: Okta SSO integration with SSO for GTP Services via SAML

In this tutorial you will learn how to integrate SSO for GTP Services with your organization’s Okta account. This will enable your organization to:

  • Manage your user accounts in the Okta portal

  • Enforce password/MFA policies at your discretion

 Instructions

  1. Decide if you’re going to test SSO in the GTP Sandbox environment. Using the Sandbox will allow you to experience how the login process for GTP Services will change with SSO enabled.

2. Pick an Organization Tag for your organization. The Organization Tag is a unique identifier used by SSO setup for your connection to GTP Services. It can be any length; we suggest using some form of your domain name(s). For example, for our GoGTP.com domain we use GoGTP as our Organization Tag. Create a new GTP Service Desk ticket with the title SSO for STRATUS, and paste your chosen Organization Tag in the body of the ticket.

3. From the Okta Portal Home page, select Applications

4. Then click Create App Integrations, select SAML 2.0, and click Next

 

5. Use an App name that identifies this as SSO for GTP Services, and append the environment (Production or Sandbox), as each environment requires its own app definition. Then click Next.

 

6. For the Single sign on URL use either:

Production: https://login.gtpstratus.com/gtpservices.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer

Sandbox: https://login-yuma.gtpstratus.com/gtpnpe.onmicrosoft.com/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer

Then for Audience URI use:

Production: api://GTPSERVICES.XXXXXX

Sandbox: api://GTPNPE.XXXXXX

Where XXXXXX is replaced with your Organization Tag from step 2

Set Name ID format to EmailAddress and Application username to Email

7. Scroll down and add the following Attributes:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname user.firstName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname user.lastName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name user.email

http://schemas.microsoft.com/identity/claims/displayname user.firstName + ' ' + user.lastName

In all cases set the name format to URI Reference

 

8. Click Next then select I’m an Okta customer, then click Finish

9. Scroll down and click View SAML setup instructions

 

10. A new tab will open. Copy the data in the Identity Provider Single Sign-on URL and include it in the service desk ticket you created

 

11. At this point you’re ready to add users in Okta to the application you just created

Once we’ve completed the setup on the GTP side we’ll contact you about testing in the Sandbox if you chose to set it up, otherwise we will contact you about scheduling a Production switch over.
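As an added pre-flight check (example code written for this page, not GTP or Okta tooling), the Python below compares a decoded SAML assertion, such as one captured from a test login, against the values entered in steps 6 and 7. The function name, the sample assertion and the ExampleOrg tag are constructed for illustration; the check covers configuration values only and does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PATH = "/B2C_1A_TrustFrameworkBase/samlp/sso/assertionconsumer"
ACS = {  # Single sign on URLs from step 6
    "Production": "https://login.gtpstratus.com/gtpservices.onmicrosoft.com" + PATH,
    "Sandbox": "https://login-yuma.gtpstratus.com/gtpnpe.onmicrosoft.com" + PATH,
}
AUDIENCE = {"Production": "api://GTPSERVICES.", "Sandbox": "api://GTPNPE."}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + "givenname", CLAIMS + "surname", CLAIMS + "name",
            "http://schemas.microsoft.com/identity/claims/displayname"]  # step 7

def check_assertion(xml_text, environment, org_tag):
    """Return the mismatches between a decoded assertion and steps 6 and 7."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS)
    if audience != AUDIENCE[environment] + org_tag:
        problems.append(f"unexpected Audience {audience!r}")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS[environment]:
        problems.append("Recipient is not the Single sign on URL for " + environment)
    name_id = root.find(".//saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not EmailAddress")
    formats = {a.get("Name"): a.get("NameFormat") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in REQUIRED:
        if name not in formats:
            problems.append("missing attribute " + name)
        elif formats[name] != URI_FORMAT:
            problems.append("name format is not URI Reference for " + name)
    return problems

# Constructed sample (Sandbox, hypothetical tag ExampleOrg); displayname is left out.
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Subject>'
    f'<saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID>'
    f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS["Sandbox"]}"/>'
    '</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>api://GTPNPE.ExampleOrg</saml:Audience></saml:AudienceRestriction>'
    '</saml:Conditions><saml:AttributeStatement>'
    + "".join(f'<saml:Attribute Name="{n}" NameFormat="{URI_FORMAT}"/>' for n in REQUIRED[:3])
    + '</saml:AttributeStatement></saml:Assertion>'
)

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "Sandbox", "ExampleOrg"))
```

An empty list means the assertion matches the settings for the chosen environment; checking a Sandbox assertion against Production reports the Audience and Recipient mismatches, which is the mix-up step 5's per-environment app definitions are meant to prevent.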

 

 

© Copyright 2022 GTP Services, LLC All rights reserved.