OKTA / SAML SSO Integration

Guide to setup SAML SSO Integration

Information needed to complete the integration:

1. Single sign on URL: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/acs/
2. Audience URI (SP Entity ID): https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/metadata/
3. Name ID Format: Email Address
4. Application Username: Email
5. Attribute Mappings:
   
   1. mail -> user.email (Name Format: Unspecified)
   2. cn -> user.firstName (Name Format: Unspecified)
   3. sn -> user.lastName (Name Format: Unspecified)
6. Signature verifying certificate -> Request Bucketlist product team for the public key signing certificate

Information required to provide BucketlistRewards

1. Metadata in XML
   
   

Once you provide XML metadata, request Bucketlist product team to enable SAML SSO for the company.

Step by step guide for OKTA

1. Log into your OKTA admin and select "Applications" from left menu
    
2. Click on "Create App Integration" button
   
   
   
3. In the create new app integration dialog, select "SAML 2.0" as Sign-in method and click the "Next" button.
   
4. On the first step of create SAML integration wizard "General Settings", enter app name "Bucketlist Rewards" and click "Next".
   
5. On the second step of create SAML integration wizard "Configure SAML", update following fields:
   
   1. Single sign on URL: https://company-subdomain.bucketlist.org/saml2/acs/
   2. Audience URI (SP Entity ID): https://company-subdomain.bucketlist.org/saml2/metadata/
   3. Name ID format: EmailAddress
   4. Application username: Email
      Remember to replace "company-subdomain.bucketlist.org" with your company's Bucketlist subdomain. 
      
6. For Attribute statements, add following mappings and press "Next"
   Please note that the name format should be Unpecified
   
   1. mail -> user.email (Name Format: Unspecified)
   2. cn -> user.firstName (Name Format: Unspecified)
   3. sn -> user.lastName (Name Format: Unspecified)
      
7. On the last step of create SAML integration wizard "feedback", select an appropriate option and press "Finish" to complete creating the SAML integration app.
8. Next we need to assign the newly created app to people in our company. Otherwise, they would not be able to use the app. Select "Assignments" tab from top navigation of the newly created app.
   
9. Open the "Assign" dropdown and select "Assign to People". Alternatively, you can also assign the app to the groups.
   
10. From Assign dialog, search for people from your company, and click "Assign" button in front of their name.
    
11. Confirm that the "User Name" of the user is their email address and press "Save and Go Back".
    
12. Once done with all assignments, click the "Done" button to complete assign process.
    
13. Now click on "Sign On" tab of the app.
    
14. In the right column, look for "SAML Setup" heading and the "View SAML setup instructions" button underneath that. Click the button.
     
    
    
15. Scroll to the bottom of the "How to Configure SAML 2.0 for Bucketlist Rewards Application" page and copy the value of "IDP Metadata" under Optional heading. Share this metadata with the Bucketlist team.
    Please make sure that you copy the complete metadata including everything between <?xml version="1.0" encoding="UTF-8"?> and </md:EntityDescriptor>.