OKTA / SAML SSO Integration

Guide to setting up the SAML SSO integration

Information needed to complete the integration:

  1. Single sign on URL
    US Server: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/acs/
    CAD Server: https://<COMPANY_SUBDOMAIN>.bucketlistrewards.ca/saml2/acs/
  2. Audience URI (SP Entity ID):
    US Server: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/metadata/
    CAD Server: https://<COMPANY_SUBDOMAIN>.bucketlistrewards.ca/saml2/metadata/
  3. Name ID Format: Email Address
  4. Application Username: Email
  5. Attribute Mappings:
    1. mail -> user.email (Name Format: Unspecified)
    2. cn -> user.firstName (Name Format: Unspecified)
    3. sn -> user.lastName (Name Format: Unspecified)
  6. Signature verifying certificate -> request the public signing certificate from the Bucketlist product team

Information you need to provide to Bucketlist Rewards

  1. Metadata in XML

Once you have provided the XML metadata, ask the Bucketlist product team to enable SAML SSO for your company.


Step by step guide for OKTA

This guide was last updated on September 16, 2022. The screenshots or steps may change over time.

  1. Log in to your OKTA admin console and select "Applications" from the left menu.
  2. Click the "Create App Integration" button.

  3. In the create new app integration dialog, select "SAML 2.0" as the sign-in method and click the "Next" button.
  4. On the first step of the create SAML integration wizard, "General Settings", enter the app name "Bucketlist Rewards" and click "Next".
  5. On the second step of the create SAML integration wizard, "Configure SAML", fill in the following fields:
    1. Single sign on URL:
      US Server: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/acs/
      CAD Server: https://<COMPANY_SUBDOMAIN>.bucketlistrewards.ca/saml2/acs/
    2. Audience URI (SP Entity ID):
      US Server: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/metadata/
      CAD Server: https://<COMPANY_SUBDOMAIN>.bucketlistrewards.ca/saml2/metadata/
    3. Name ID format: EmailAddress
    4. Application username: Email

      Remember to replace <COMPANY_SUBDOMAIN> with your company's Bucketlist subdomain.

      Also, for fields 1 and 2, make sure there is a trailing slash (/) at the end of the URL; SSO login will not work without it.
  6. For Attribute Statements, add the following mappings and press "Next".
    Please note that the name format must be Unspecified.
    1. mail -> user.email (Name Format: Unspecified)
    2. cn -> user.firstName (Name Format: Unspecified)
    3. sn -> user.lastName (Name Format: Unspecified)
  7. On the last step of the create SAML integration wizard, "Feedback", select an appropriate option and press "Finish" to complete creating the SAML integration app.
  8. Next, assign the newly created app to the people in your company; otherwise they will not be able to use it. Select the "Assignments" tab from the top navigation of the newly created app.
  9. Open the "Assign" dropdown and select "Assign to People". Alternatively, you can assign the app to groups.
  10. In the Assign dialog, search for people from your company and click the "Assign" button next to their name.
  11. Confirm that the "User Name" of the user is their email address and press "Save and Go Back".
  12. Once done with all assignments, click the "Done" button to complete the assignment process.
  13. Now click the "Sign On" tab of the app.
  14. In the right column, look for the "SAML Setup" heading and the "View SAML setup instructions" button underneath it. Click the button.

  15. Scroll to the bottom of the "How to Configure SAML 2.0 for Bucketlist Rewards Application" page and copy the value of "IDP Metadata" under the "Optional" heading. Share this metadata with the Bucketlist team.
    Please make sure that you copy the complete metadata, including everything between <?xml version="1.0" encoding="UTF-8"?> and </md:EntityDescriptor>.