Configuring PayAnalytics SSO/SAML against Okta (IdP)
Purpose
This document describes the steps a technical contact for a PayAnalytics customer is required to carry out in order to configure SSO/SAML authentication for the PayAnalytics online solution (the Service Provider, "SP") using Okta as an Identity Provider, "IdP".
Roles & Responsibilities
IT specialist: A person within the customer organization who has access to the Okta configuration for the organization.
PayAnalytics system owner: A person within the customer organization who has Superuser access (permissions to create and modify users) to PayAnalytics.
Prerequisites
A dedicated PayAnalytics instance with SSO support enabled has been created for the customer.
PayAnalytics system owner: Has a user account (using username/password) with Superuser privileges on the PayAnalytics customer instance.
IT specialist: Has the appropriate administrative privileges on Okta.
Procedure
PayAnalytics system owner: Log into your PayAnalytics instance as administrator (see Figure 4.1). If you're logging in for the first time you will need to retrieve your password with the "Forgot Password" flow.
Figure 4.1: Administrator login on PayAnalytics SSO login screen.
PayAnalytics system owner: In PayAnalytics, open settings and from the settings page click "SSO/SAML configuration".
PayAnalytics system owner: Take note of the values in the gray-background boxes (see Figure 4.2).
Figure 4.2: Values to be copied from PayAnalytics into the SAML configuration.
IT specialist: Log into Okta as administrator (https://login.okta.com) and click the "Admin" link in the upper right corner.
IT specialist: In the left-hand menu, click "Applications" and then click the "Applications" sub-section.
IT specialist: Create a new App Integration by clicking “Create App Integration” (see Figure 4.3).
Figure 4.3: Okta "Applications" page.
IT specialist: In the preamble step of the app integration configuration select "SAML 2.0" (see Figure 4.4).
Figure 4.4: Okta new app integration form, preamble step.
IT specialist: In section 1 of the app integration set the "App name" to "PayAnalytics". The PayAnalytics logo is available for download on the PayAnalytics SSO/SAML configuration page (https://my-company.payanalytics.com/settings/sso-saml).
Figure 4.5: Okta app integration configuration: Step 1
IT specialist: In section 2 of the app integration configuration, fill in the fields with values from the PayAnalytics SSO/SAML page (see Figure 4.2). Example provided in Figure 4.6.
Figure 4.6: Okta app integration configuration: Step 2
Setting the Role is optional. If set, it will assign or clear the User Role of the user.
IT specialist: It is not required to configure any settings under "Advanced Settings".
IT specialist: In section 3 of the app integration configuration, select the "I'm an Okta customer adding an internal app" option and click "Finish".
Figure 4.7: Okta SAML Configuration filled in example.
IT specialist: In the Okta left menu, click "Applications" and select the "Applications" sub-section. Click the "PayAnalytics" application and open the "Sign On" tab. Click the "View SAML setup instructions" link in the right hand section of the page (see Figure 4.8).
Figure 4.8: The "View SAML setup instructions" link
IT specialist / PayAnalytics system owner: Observe the values in the config page (see Figure 4.9 and Figure 4.10). Copy the following values:
Okta side: "Identity Provider Single Sign-On URL" -> PayAnalytics side: "Identity Provider Single Sign-On URL"
Okta side: "Identity Provider Issuer" -> PayAnalytics side: "Identity Provider Issuer ID"
Okta side: "X.509 Certificate" -> PayAnalytics side: "Identity Provider X.509 certificate"
Figure 4.9: Configuration prescription on the Okta side
Figure 4.10: Filled in configuration on the PayAnalytics side
PayAnalytics system owner: In the PayAnalytics SSO config page, click "Save" (a message will appear confirming that the configuration was saved).
IT specialist: In the Okta left menu, click "Applications" and select the "Applications" sub-section. Click the "PayAnalytics" application and open the "Assignments" tab (see Figure 4.11). Assign people/groups as needed.
Figure 4.11: The Okta assignment tab
Your SSO/SAML authentication should now be correctly configured and your users can initiate the authentication flow into PayAnalytics by clicking the "Click here to authenticate" button.
Other information
The SP metadata is available at the following URL: https://my-company.payanalytics.com/api/v1/sso/metadata
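The SP metadata can be used to cross-check the values typed into Okta in section 2. The following is an added example, not PayAnalytics or Okta code: it assumes the metadata is a standard SAML 2.0 EntityDescriptor and that the values entered in Okta are the "Single sign-on URL" and "Audience URI (SP Entity ID)" fields; the sample document and its "/sp-example" and "/acs-example" paths are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample (assumption); a real document is served at the
# SP metadata URL of your own PayAnalytics instance.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://my-company.payanalytics.com/sp-example">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"
      WantAssertionsSigned="true">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://my-company.payanalytics.com/acs-example"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Return the SP entity ID, its HTTP-POST ACS URLs and the signing flag."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    sp = root.find(f"{{{MD}}}SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    acs = [e.get("Location")
           for e in sp.findall(f"{{{MD}}}AssertionConsumerService")
           if e.get("Binding") == POST]
    return {"entity_id": root.get("entityID"), "acs_urls": acs,
            "want_assertions_signed": sp.get("WantAssertionsSigned") == "true"}


def check_okta_values(meta, sso_url, audience_uri):
    """Compare the values typed into Okta with the SP metadata.

    Comparison is exact on purpose: a trailing slash or a different
    scheme is enough for the SP to reject the assertion.
    """
    problems = []
    if sso_url not in meta["acs_urls"]:
        problems.append("single sign-on URL is not an ACS endpoint in the SP metadata")
    if audience_uri != meta["entity_id"]:
        problems.append("audience URI differs from the SP entityID")
    if not sso_url.startswith("https://"):
        problems.append("single sign-on URL is not HTTPS")
    return problems
```

An empty list from `check_okta_values` means the two Okta fields match the SP metadata exactly.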