Okta offers a robust integration with Mapiq for Single Sign On (SSO) using the SAML 2.0 protocol. This article provides a step-by-step guide on configuring this integration, ensuring a seamless and secure SSO experience for users.
You'll learn about the requirements, supported features, configuration steps, and claims associated with Okta's SAML 2.0 integration with Mapiq.
Supported Features
The Okta Mapiq SSO integration supports:
SP-Initiated SSO
JIT (Just-In-Time Provisioning)
For a deeper understanding of these features, refer to the Okta Glossary.
Configuration Steps
Note: Before you can start configuring SSO through Okta, make sure you have the necessary permissions in your Okta organization to install and configure applications.
Install the Okta Mapiq integration through the Okta Integration Network (OIN).
In the application, navigate to Sign On > Sign on methods and select "SAML 2.0".
Under Sign On > Sign on methods > SAML 2.0, locate and copy the Metadata URL in the Metadata details section.
Contact Mapiq support or your designated Mapiq contact person and request SSO activation for Okta with SAML 2.0. Provide the previously copied Metadata URL and the email domains used by your users.
After receiving confirmation, you can start assigning users to the application.
Your users can now access Mapiq using Okta SSO. 🎉
Note: Mapiq doesn't offer a backup sign-in URL for Okta SAML integration misconfigurations. If you're locked out due to a configuration error, please contact Mapiq Support.
Claims Configuration
Required Claims
Mapiq expects specific SAML attributes, which are pre-configured in Okta.
These required attributes include:
Attribute Name | Value | Description |
givenname | user.firstName | The user’s first name. |
surname | user.lastName | The user’s last or family name. |
displayname | user.displayName | The user’s full name. |
emailaddress | user.email | The user’s email address. |
Optional Claims
There are also optional SAML claims for added functionality. These can be mapped to user properties as relevant to your organization.
These optional attributes include:
Attribute Name | Value | Description |
jobtitle | user.jobtitle | The user’s job title (e.g. ‘senior manager’, or ‘trainee’). |
department | user.department | The department the user is a part of (e.g. ‘finance’ or ‘IT support’). |
businessunit | user.companyname | The business unit the user is part of (e.g. ‘company logistics’). |
office | user.officelocation | The office where the user is based (e.g. ‘Amsterdam’ or ‘London’). |
country | user.country | The country in which the user is based (e.g. ‘NL’ or ‘The Netherlands’). |
externalid | user.externalid | An identifier, unique to the user, that can be leveraged in other platforms (e.g. an employee number). |
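Because there is no backup sign-in URL, it helps to check a test assertion against the tables above before assigning users. The following is an added example, not code from Okta or Mapiq. It assumes each SAML Attribute's Name is either the short name shown in the tables or a URI ending in it, and the sample assertion is constructed.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names taken from the Required and Optional Claims tables.
REQUIRED = {"givenname", "surname", "displayname", "emailaddress"}
OPTIONAL = {"jobtitle", "department", "businessunit", "office", "country", "externalid"}

def short_name(name):
    # Assumption: Name is the short name from the tables or a URI ending in it.
    return name.rstrip("/").rsplit("/", 1)[-1].lower()

def check_claims(assertion_xml):
    """Return (missing_required, empty_required, optional_present, unexpected).

    Checks attribute presence only; it does not validate the signature."""
    if "<!DOCTYPE" in assertion_xml:
        # SAML messages never need a DTD; refuse it to avoid entity expansion.
        raise ValueError("DTD found in SAML input; refusing to parse")
    root = ET.fromstring(assertion_xml)
    seen = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        seen[short_name(attr.get("Name", ""))] = [v for v in values if v]
    missing = sorted(REQUIRED - seen.keys())
    empty = sorted(n for n in REQUIRED & seen.keys() if not seen[n])
    optional = sorted(OPTIONAL & seen.keys())
    unexpected = sorted(seen.keys() - REQUIRED - OPTIONAL)
    return missing, empty, optional, unexpected

# Constructed sample: emailaddress is absent, displayname is sent empty,
# and costcenter is an attribute that appears in neither table.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="givenname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="displayname"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="department"><saml:AttributeValue>finance</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="costcenter"><saml:AttributeValue>42</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    missing, empty, optional, unexpected = check_claims(SAMPLE)
    print("missing required:", missing)
    print("required but empty:", empty)
    print("optional present:", optional)
    print("not in either table:", unexpected)
```

Attributes reported as unexpected are worth reviewing, since any profile field mapped into the assertion is disclosed to the service provider.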
SP-Initiated SSO
Visit https://app.mapiq.com.
Click "Sign in".
Enter your company email address.
Authenticate using your Okta credentials.
💬 Need More Help?
If you’d like extra assistance, reach out via the Messenger (question mark in the corner) and chat with our support team, or email us at [email protected].
We’re always ready to help! 😉