This guide describes the SAML integration process of WinKK Passport to be used as the Identity Provider for Okta.
WinKK Passport Initial Configurations
- Open passport.winkk.com/partner, log in with your profile, and open the Applications tab.
- Add a new application with the following settings:
  - Name – doesn’t matter
  - URL – https://www.okta.com
  - Interface – SAML2
  - Authentication type – doesn’t matter
  - Audience and ACS URL should be left blank
- Click Save and leave this tab open in the browser so you can view the created application’s identifier and fill in the remaining fields later.
- Open the admin dashboard at https://organization-admin.okta.com/admin/dashboard, replacing organization with the organization name you provided when signing up for Okta. Go to Security -> Identity Providers.
- Click Add Identity Provider.
- Fill in the settings as follows:
  - Name – doesn’t matter
  - Protocol – SAML2
  - IdP Username – select idpuser.subjectNameId
  - Filter – configure as needed; can be left unchecked
  - Match against – Okta Username or Email
  - If no match is found – preferably select Redirect to Okta sign-in page, so that you are sent to the Okta sign-in page if something goes wrong during the configuration
  - IdP Issuer URI – Winkk Passport IdP
  - IdP Single Sign-On URL – https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth, where YOUR_APPLICATION_ID is the identifier obtained in the previous section
  - IdP Signature Certificate – can be obtained at passport.winkk.com/partner/example/idp.winkk.com.crt
  - Request Binding – HTTP POST
  - Request Signature – uncheck the Sign SAML Authentication Requests option
  - Response Signature Verification – select Assertion
  - Response Signature Algorithm – select SHA-1
  - Destination – https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth, where YOUR_APPLICATION_ID is the identifier obtained in the previous section
  - Okta Assertion Consumer Service URL – select Trust-specific
  - Max Clock Skew – can be left unchanged at 2 minutes
- Click Add Identity Provider.
WinKK Passport Final Configurations
- After the previous step, Okta provides the Assertion Consumer Service URL and Audience URI values.
- Return to the tab with the created application in WinKK Passport and fill in:
  - Audience – the Audience URI from Okta
  - ACS URL – the Assertion Consumer Service URL from Okta
- Click Save.
- To initiate SAML-based authentication, go to the Assertion Consumer Service URL provided by Okta. During SAML authentication, make sure to use a profile in the WinKK Passport mobile app whose validated email belongs to a user actually registered in your Okta organization.
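A troubleshooting check for the settings above, added here as an example (it is not WinKK or Okta code): it decodes a captured base64 SAMLResponse and reports which fields disagree with the values configured in this guide. The function name, the placeholder URLs and the sample response are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_response(b64_response, issuer, audience, acs_url):
    """List mismatches between a captured SAMLResponse and the IdP settings.
    Diagnostic only: the signature is NOT verified cryptographically."""
    root = ET.fromstring(base64.b64decode(b64_response))
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["Response contains no Assertion"]
    problems = []
    if assertion.findtext("a:Issuer", "", NS).strip() != issuer:
        problems.append("Issuer differs from IdP Issuer URI")
    # "Response Signature Verification: Assertion" needs the ds:Signature
    # as a direct child of the Assertion, not only of the outer Response.
    method = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    if method is None:
        problems.append("Assertion is not signed")
    elif not method.get("Algorithm", "").endswith("sha1"):
        problems.append("Signature algorithm is not SHA-1")
    if not assertion.findtext("a:Subject/a:NameID", "", NS).strip():
        problems.append("No NameID for idpuser.subjectNameId")
    data = assertion.find(
        "a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    if data is None or data.get("Recipient") != acs_url:
        problems.append("Recipient differs from ACS URL")
    found = [e.text.strip() for e in assertion.iterfind(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if e.text]
    if audience not in found:
        problems.append("Audience differs from Audience URI")
    return problems

# Constructed sample (placeholder URLs, empty signature), not a real capture.
SAMPLE = base64.b64encode(b"""<p:Response
 xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><a:Assertion>
<a:Issuer>Winkk Passport IdP</a:Issuer><ds:Signature><ds:SignedInfo>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
</ds:SignedInfo></ds:Signature><a:Subject><a:NameID>user@example.com</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData
 Recipient="https://ACS-URL-FROM-OKTA.example/"/></a:SubjectConfirmation>
</a:Subject><a:Conditions><a:AudienceRestriction>
<a:Audience>https://AUDIENCE-URI-FROM-OKTA.example/</a:Audience>
</a:AudienceRestriction></a:Conditions></a:Assertion></p:Response>""")
```

Pass the Audience URI and Assertion Consumer Service URL exactly as Okta displays them; an empty list means the response is consistent with the configured values.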