The following steps will walk you through Okta app integration for BrainStorm.  This will allow you to use Okta to grant users access to the BrainStorm platform.


1.  In Okta, under Applications in the left panel, click Applications.


2. At the top, click Create App Integration.




3. In the Create a new app integration pop-up, click SAML 2.0, then click Next.




4. Enter BrainStorm for the app name and select the desired App visibility.  Click Next.




5. Enter the following for the required General settings (other settings may keep their defaults):

        Single sign on URL:

        https://auth.brainstorminc.com/signin-saml2


        Audience URI (SP Entity ID):

        urn:brainstorminc:auth:saml2


        Application username:

        Select Email from the dropdown



6.  Enter the following required Attribute Statements, using the attribute names and associated Okta values listed below:

  • Email -> user.email
  • FirstName -> user.firstname
  • LastName -> user.lastname
  • You may also include job title, department, or country as attributes


    NOTE: What is listed in the Name column will be entered in the BrainStorm platform later.

    

    Click Next.


7.  Next to the Are you a customer or partner? question, select I'm an Okta customer adding an internal app.  All other fields are optional.  Click Finish.


8. You'll be directed to your newly created app settings.  Scroll down to the SAML Signing Certificates section and click the Actions dropdown next to your certificate.  Select Download certificate.


9.  Save the XML file that appears and upload it as shown in the Configure SSO in BrainStorm article.  Follow the configuration steps for SAML.  After completing SSO in the BrainStorm platform, proceed to the next step in this article.  Please note that you will need to sign in as a BrainStorm admin to view this article and complete SSO setup.


10.  After returning to Okta, go to Applications and select the BrainStorm app you created.  In that app, select the Assignments tab.


11.  From the Assign dropdown, select Assign to People or Groups.  Click Assign for the user(s) or group(s) that you would like to make the app accessible to.


With SSO configured in the BrainStorm platform and users assigned to the BrainStorm app created in Okta, users who log in to Okta will see the BrainStorm app and can click on it to access the user portal for the BrainStorm platform.
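
To confirm the settings from steps 5 and 6 before rolling the app out, the following added example (not part of BrainStorm's or Okta's own tooling) checks a decoded SAML response from a test sign-in against the values in this article. The function names and sample user are hypothetical, and the NameID check assumes that choosing Email as the Application username makes Okta send the user's email as the NameID.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values from steps 5 and 6 of this article.
ACS_URL = "https://auth.brainstorminc.com/signin-saml2"
AUDIENCE = "urn:brainstorminc:auth:saml2"
REQUIRED = ("Email", "FirstName", "LastName")

def check_response(xml_text):
    """List mismatches between a decoded SAML response and the settings above.
    Compares configuration only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Single sign on URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if AUDIENCE not in audiences:
        problems.append("Audience URI (SP Entity ID) missing from AudienceRestriction")
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in REQUIRED:  # this check compares attribute names case-sensitively
        if not attrs.get(name):
            problems.append(f"attribute {name} missing or empty")
    # Assumption: Application username = Email puts the user's email in NameID.
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    if attrs.get("Email") and name_id != attrs["Email"]:
        problems.append("NameID does not match the Email attribute")
    return problems

def sample_response(acs, audience, attrs, name_id):
    """Build a constructed, unsigned response for exercising check_response."""
    stmts = "".join(f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}'
                    f'</saml:AttributeValue></saml:Attribute>' for k, v in attrs.items())
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{acs}"><saml:Assertion><saml:Subject><saml:NameID>{name_id}'
            f'</saml:NameID></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>'
            f'</saml:Conditions><saml:AttributeStatement>{stmts}</saml:AttributeStatement>'
            f'</saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    good = {"Email": "pat@example.com", "FirstName": "Pat", "LastName": "Lee"}
    print(check_response(sample_response(ACS_URL, AUDIENCE, good, "pat@example.com")))
    typo = {"email": "pat@example.com", "FirstName": "Pat", "LastName": "Lee"}
    print(check_response(sample_response(ACS_URL + "/", AUDIENCE, typo, "pat@example.com")))
```

An empty list means the response matches the settings in this article; each string in a non-empty list names the setting to recheck in the Okta app.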