Search Knowledge Base by Keyword


This guide describes the SAML integration process of WinKK Passport to be used as the Identity Provider for Okta.

WinKK Passport Initial Configurations

  1. Open passport.winkk.com/partner, login with your profile, and open the Applications tab.
  2. Add a new application.
  • Name – doesn’t matter
  • URL – https://www.okta.com
  • Interface – SAML2
  • Authentication type – doesn’t matter
  • Audience and ACS URL should be left blank
  1. Click Save and leave this tab opened in a browser to view the created app’s identifier and fill the rest fields later.

Okta Configurations

  1. Open the admin dashboard: https://organization-admin.okta.com/admin/dashboard, where organization should be replaced with your organization name provided during a sign up in Okta. Go to Security -> Identity Providers.
  2. Then click on Add Identity Provider:
  1. Fill all configs in the following way.
  • Name – doesn’t matter
  • Protocol – SAML2
  • IdP Username – select idpuser.subjectNameId
  • Filter – should be configured on your will, can be left unchecked
  • Match against – Okta Username or Email
  • If no match is found – it’s better to select Redirect to Okta sign-in page to see a redirect to Okta sign-in page if something goes wrong during the configuration
  • IdP Issuer URI – Winkk Passport IdP
  • IdP Single Sign-On URL https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth where YOUR_APPLICATION_ID is the identifier obtained in the previous section
  • IdP Signature Certificate – can be obtained at passport.winkk.com/partner/example/idp.winkk.com.crt
  • Request Binding – HTTP POST
  • Request Signature – uncheck the Sign SAML Authentication Requests option
  • Response Signature Verification – select Assertion
  • Response Signature Algorithm – select SHA-1
  • Destination – https://passport.winkk.com/saml2a/YOUR_APPLICATION_ID/auth, where YOUR_APPLICATION_ID is the identifier obtained in the previous section
  • Okta Assertion Consumer Service URL – select Trust-specific
  • Max Clock Skew – can be left unchanged with 2 minutes
  1. Click Add Identity Provider.

WinKK Passport Final Configurations

  1. After the previous step, Okta will provide Assertion Consumer Service URL and Audience URI configs.
  1. Return to the tab with the created application in WinKK Passport and fill.
  • Audience – with Audience URI from Okta,
  • ACS URL – with Assertion Consumer Service URL from Okta:
  1. Click Save.
  2. To initiate a SAML-based authentication go to the Assertion Consumer Service URL provided by Okta. During the SAML authentication make sure to use a profile in the WinKK Passport mobile app with a validated email of some user actually registered in Okta in your organization.
Was this article helpful?
How can we improve this article?

Leave a Reply

Your email address will not be published. Required fields are marked *