Ideagen Luminate logo Ideagen Luminate logo
Navigation
Need help?
Send feedback
Sign in
This page does not meet FedRAMP security standards. Please avoid entering sensitive or classified information. Learn more
Learn more
Learn more

Looking for help?

Common queries

View all

Send us feedback

Megaphone illustration

Before you start

This form is for Ideagen Luminate feedback only. Your submission will not receive a response.

Looking for support? Select the solution you need help with and open a ticket with us.
New article Recently updated

Assurance SSO | Okta (formerly SaaSure)

By Otis Stevenson
  • Last updated
⌘ K
Search this article
Print this article

Who is this article for?

Administrators who want guidance on setting up SSO in Assurance through Okta.

Administration Access is required.

Assurance supports Single Sign-On (SSO) through Okta (formerly known as SaaSure). The setup process takes around 15 minutes and involves creating and configuring a custom SAML app in Okta and then configuring SSO in Assurance.

1. How to create a custom SAML app in Okta?

Creating and configuring a custom SAML app in Okta
To create and configure a custom SAML app in Okta, refer to How to Configure a Custom SAML App. You will be redirected to the Okta Help Centre.

1. Sign in to the Okta Admin Console.

2. Navigate to Applications -> Applications -> Create App Integration.

3. Select 'SAML 2.0' as the Sign-in method and then select Next.

4. On the General Settings page, enter 'Ideagen Policy Logic Assurance' as the App name and then select Next.

5. On the Configure SAML page, configure the following SAML Settings and then select Next.

Option SAML Setting
Single sign-on URL

Enter the following URL, replacing '{subdomain}' with your organisation's Assurance subdomain:

https://{subdomain}.csassurance.com/d/users/auth/saml/callback
Audience URI (SP Entity ID)

Enter the following URI, replacing '{subdomain}' with your organisation's Assurance subdomain:

https://{subdomain}.csassurance.com
Name ID format EmailAddress
Application username Email

6. On the Feedback page, select 'I'm an Okta customer adding an internal app' and then select Finish.

7. On the Assignments screen, assign users and group to the application as required. We suggest setting up a dynamic group with all users.

8. On the Sign On screen, select 'View SAML setup instructions' under SAML Setup and copy the following values. You will need these when configuring SSO in Assurance later in the setup process.

  1. Identity Provider Single Sign-On URL
  2. X.509 Certificate

9. Calculate the fingerprint of the X.509 Certificate using a tool like SAML X.509 Certificate Fingerprint - Online SHA1 Decoder. Copy the Formatted FingerPrint. You will need this when configuring SSO in Assurance later in the setup process.

2. How to configure SSO in Assurance?

1. Select the Administration cog icon from the navigation bar and then select the Organisation button under the 'General' section.

2. On the Organisation screen, select the Edit button under the 'Details' tab.

3. Under the 'Sign On & Security' section, select the Single Sign On through SAML option.

4. In the fields that appear, update the following values.

Field Value
Name Enter a user-facing display name, like 'Okta', which will appear on the Login screen as a 'Sign in using Okta' button.
Issuer

Enter the following Issuer, replacing '{subdomain}' with your organisation's Assurance subdomain:

https://{subdomain}.csassurance.com
IDP SSO Target URL Enter the 'Identity Provider Single Sign-On URL' value from Okta.
Federation XML URL (Leave this blank)
IDP Certificate SHA1 Fingerprint Enter the 'Formatted FingerPrint' value.
ID Claim/Name ID Format urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
Restrict login to use Single Sign On only When selected, the email and password fields will be hidden on the login screen.

5. Select the Update button to save your changes.

6. Sign out of Assurance by selecting your avatar icon from the navigation bar and then selecting the Logout option from your account dropdown menu. You will be directed to the Login screen.

7. Select the button to Sign in using {Name} and verify that SSO is working as expected.

3. Configuration assistance

If you require additional assistance with configuring SSO, our Professional Services team is here to help.

Our consultants can assist you with the configuration process, ensuring a seamless and efficient integration tailored to your specific needs.

To engage our Professional Services team, please get in touch today, and we will be happy to assist you further.

4. Limitations

3.1. No Assurance user found for email

Symptom

User receives a 'No Assurance user found for email' message when logging in using SSO.

Resolution

Ensure an Assurance account with the corresponding email has been created for the user before trying again.

What do you think about this article?

Your feedback helps us improve

More articles in this section

Looking for more help? Ask the Community

On this page