Okta Provider

Okta is a leading identity and access management (IAM) platform that provides SSO, MFA, user lifecycle management, and identity federation. When integrated with LoginRadius as a Custom Identity Provider (IdP) using SAML, Okta enables secure and seamless authentication for employees, partners, and customers while centralizing identity management across applications.

With this setup, you can:

• Use Okta-managed credentials to authenticate users.
• Expand your identity federation strategy to applications linked through LoginRadius.
• Retain centralized identity management while benefiting from LoginRadius features like analytics, customer segmentation, and flexible login experiences.

Key Features

Here are some key features of using Okta as Custom IdP with LoginRadius

• SAML 2.0 Federated Login: Authenticate users through Okta using SAML-based federation.
• Secure Assertion Exchange: Ensure safe validation of login sessions with certificate-based authentication.
• Effortless Configuration: Seamlessly set up and manage Okta as a Custom IdP via the LoginRadius Console.
• Custom Branding: Display a branded Okta login button on your authentication interface.
• Comprehensive SSO Support: Manage full SAML-based login and logout flows, including single logout (SLO).

Use Cases

Here are some use cases for integrating Okta with LoginRadius:

• Enterprise SSO: Allow employees to access your applications seamlessly using their Okta-managed enterprise credentials.
• Secure B2B Access: Enable partner organizations to authenticate with their existing Okta identity systems, ensuring secure and seamless collaboration.
• Customer Identity Federation: Let customers use their Okta credentials to access your applications, streamlining authentication while maintaining security.
• Multi-Tenant Identity Management: Manage identities across different business units or subsidiaries while maintaining centralized control via Okta.
• Regulatory Compliance: Utilize Okta’s security and auditing capabilities to meet compliance requirements such as HIPAA, GDPR, and SOC 2.
• Enhanced Security with MFA: Strengthen authentication by enforcing Okta’s multi-factor authentication (MFA) policies for added security.

Configuration

Okta Console

Follow this guide to create the SAML application in Okta:
SAML App Integrations

Use the following details during setup:

On the General Settings Tab, add your App Name, App Logo, and App Visibility as per your requirements.

On the Configure SAML Tab, fill in the following details:

Field	Description	Value
Single sign-on URL(ACS Url)	The location where the SAML assertion is sent with a HTTP POST. This is often called the SAML Assertion Consumer Service (ACS) URL for your application.	https://<Site Name>.hub.loginradius.com/service/saml/sp/login
Audience URI (SP Entity ID)	The application-defined unique identifier that is the intended audience of the SAML assertion. This is most often the SP Entity ID of your application.	https://<Site Name>.hub.loginradius.com/
Default RelayState	Identifies a specific application resource in an IDP initiated Single Sign-On scenario. In most instances this is blank.	If no value is set, a blank RelayState is sent
Name ID format	Identifies the SAML processing rules and constraints for the assertion's subject statement. Use the default value of 'Unspecified' unless the application explicitly requires a specific format.	Here are the available value options for this field: Unspecified EmailAddress x509SubjectName Persistent Transient
Application username	Determines the default value for a user's application username. The application username will be used for the assertion's subject statement.	Here are the available value options for this field: Okta username Okta username prefix Email Email prefix Custom None
Update the application username on		Create and update

After configuring the application, download the SAML Metadata or X.509 Certificate for use in LoginRadius.

LoginRadius Console

1. Log in to the LoginRadius Console

2. Navigate to Authentication > Custom IDPs

3. Add Okta IDP:

   • Click Add Custom IDP at the top-right corner.

   • Select the Okta card from the list.

4. Fill Configuration Fields:

   • Name: This will appear on the login screen.

   • ID Provider Location: Enter the SAML SSO URL (Assertion Consumer Service endpoint) from the Okta.

   • ID Provider Logout URL: Add the logout URL from the Okta.

   • ID Provider Certificate: Enter the certificate, which should be in the metadata you have downloaded from Okta.

     Ensure the certificate is wrapped like:

     -----BEGIN CERTIFICATE-----
     <Your Certificate>
     -----END CERTIFICATE-----

5. Save Configuration: Click Save to create the Okta IDP. It will now appear in the list of configured IDPs.

6. Toggle the “Include in Social Schema” to include the “Login with <<AppName>>“ button in the Social Login Schema.

Integration Details

After configuring the Okta Custom IDP:

• The Okta login button will appear on your LoginRadius-hosted login interface.

• Users can initiate login from the LoginRadius screen and be redirected to Okta for authentication.

• After a successful login, users are redirected back to your LoginRadius site with a valid session.

• For API or SDK-based flows, ensure the custom IDP name is passed correctly in the login request and matches the Name set during configuration.

Related Resources

• Custom IDPs
• SAML 2.0 Overview