OKTA / SAML SSO Integration

Guide to setting up the SAML SSO integration

Information needed to complete the integration:

  1. Single sign on URL: https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/acs/
  2. Audience URI (SP Entity ID): https://<COMPANY_SUBDOMAIN>.bucketlist.org/saml2/metadata/
  3. Name ID Format: Email Address
  4. Application Username: Email
  5. Attribute Mappings:
    1. mail -> user.email (Name Format: Unspecified)
    2. cn -> user.firstName (Name Format: Unspecified)
    3. sn -> user.lastName (Name Format: Unspecified)
  6. Signature verifying certificate -> request the public signing certificate from the Bucketlist product team

Information you must provide to Bucketlist Rewards

  1. Metadata in XML (remote file URL or the file itself)

Once you have provided the XML metadata (remote URL or file), ask the Bucketlist product team to enable SAML SSO for your company.


Step by step guide for OKTA

  1. Log into your OKTA admin console and select "Applications" from the left-hand menu
  2. Click the "Add Application" button
  3. Click the "Create New App" button
  4. In the create application dialog, select "Web" as the platform and "SAML 2.0" as the sign-on method. Click the "Create" button to create the application.
  5. On the "SAML Settings" screen, enter https://company-subdomain.bucketlist.org/saml2/acs/ as the Single sign on URL and https://company-subdomain.bucketlist.org/saml2/metadata/ as the Audience URI (SP Entity ID). Remember to replace "company-subdomain" with your company's actual subdomain. Select "EmailAddress" for Name ID format and "Email" for Application username.
  6. For Attribute statements, add the following mappings and press "Next"
    1. mail -> user.email (Name Format: Unspecified)
    2. cn -> user.firstName (Name Format: Unspecified)
    3. sn -> user.lastName (Name Format: Unspecified)
  7. Select an appropriate option on the last screen and press "Finish" to complete the app
  8. Next, assign the newly created app to the people in your company; otherwise they will not be able to use it. Select the "Assignments" tab from the top navigation of the newly created app.
  9. Open the "Assign" dropdown and select "Assign to People"
  10. In the Assign dialog, search for people from your company and click the "Assign" button next to each name.
  11. Confirm that the "User Name" of the user is their email address and press "Save and Go Back".
  12. Once all assignments are done, click the "Done" button to complete the assignment process.
  13. Now click the "Sign On" tab of the app.
  14. Right-click the "Identity Provider metadata" link and copy the link location. Share this metadata URL with the Bucketlist product team.