Create a SAML app at the Azure AD Identity Provider tenant

  • Updated

To use Okta with with Opti ID , create a custom application in Azure AD.

Create a direct access app in Azure AD for your Okta tenant

  1. Sign into the Azure portal using either a work or school account, or a personal Microsoft account.
  2. Select the Azure Active Directory service.
  3. Go to Enterprise Applications > All Applications.
  4. Select New application.
  5. In the Manage section of the left menu, select Single sign-on (SSO) to open the Single sign-on pane for editing.
  6. Select SAML (Security Assertion Markup Language) to open the SSO configuration page. After the application is configured, users can sign into it by using their credentials from the Azure AD tenant.
  7. To configure SSO in Azure AD, in the Azure portal, select Edit in the Basic SAML Configuration section on the Set up single sign-on pane.
    • Identifier – Enter https://www.okta.com/saml2/service-provider/ .
    • Reply URL (Assertion Consumer Service URL) – Enter https://foo.com/sso/saml2/.
    • Click Save.

      SAML-Azure-1.png

  8. In the SAML Certificates section, select Download for Certificate (Base64) to download the SAML signing certificate and save it to be used later.

    SAML-Azure-2.png

    SAML-Azure-3.png

  9. Go to https://www.login.optimizely.com and login using your technical contact email and password you set up.
  10. Once logged in, you should be in the Optimizely Admin Center. Click SSO Settings.

    Opti-ID-05.png

  11. In the Single Sign-on view, enter the Issuer URL (Azure AD identifier) and SSO URL (Login URL) you obtained and then select your certificate from your local file system.

    Opti-ID-06.png

  12. Click Submit.
  13. Copy the two values in the SSO Connection Details section. These values will replace the dummy values provided in step 7.

    Opti-ID-07.png

  14. After receiving those values from the Opti ID/Setup Identity Provider screen, open the configuration for the application you created and update the following values:
    • Assertion Consumer Service URL (used as the Single Sign on URL in the configuration).
    • Identifier (Entity ID) (used as the Audience Restriction in the configuration).

The setup is complete.

Test the setup

Open an Incognito window and go to https://www.login.optimizely.com. When you enter your email and click Next, it should redirect you to your organization's identity provider. If there are any issues with signing in with your Incognito tab, double-check your settings. If that fails, click Remove Connection in your Optimizely Admin Center's SSO Settings to clear out your settings and try again.

If it does not work correctly, there may be a custom attribute mapping that needs to happen between Azure AD and the Optimizely Okta tenant. Contact support for help.