
Configuring ONLYOFFICE SP and Okta IdP

Introduction

Single Sign-on (SSO) is a technology that allows users to sign in only once and then get access to multiple applications/services without re-authentication.

If a web portal includes several large independent sections (forum, chat, blogs etc.), a user can undergo the authentication procedure within one of the services and automatically get access to all other services without entering credentials several times.

SSO is always ensured by the joint operation of two applications: an Identity Provider and a Service Provider (also called "IdP" and "SP"). ONLYOFFICE SSO implements the SP only. Many different providers can act as an IdP, but this article considers the Okta implementation.

Creating an IdP in Okta

  1. Sign up for Okta.
  2. Go to the Applications -> Applications menu.
  3. Click the Create App Integration button:
  4. Select the SAML 2.0 option and click the Next button.
  5. In the App name field, enter any name, for example, "IDP Okta DocSpace", to distinguish this application from others, and click the Next button.
  6. Fill in the fields according to the table below:
    Please specify your own domain name or public IP where your ONLYOFFICE SP is hosted instead of myportal-address.com.
    Application Details
    Single sign-on URL: https://myportal-address.com/sso/acs
    Audience URI (SP Entity ID): https://myportal-address.com/sso/
    Default RelayState: https://myportal-address.com
    Name ID format: EmailAddress
    Application username: Email
    Update application username on: Create and Update
    Response: Signed
    Assertion Signature: Signed
    Signature Algorithm: RSA-SHA256
    Digest Algorithm: SHA256
    Assertion Encryption: Encrypted
    Encryption Algorithm: AES128-CBC
    Key Transport Algorithm: RSA-OAEP
    Authentication context class: X.509 Certificate
  7. In the Attribute Statements form, click Add Another and create 3 parameters (givenName, sn, mail), specifying for each a suitable value from the Value list, taken from the field catalog of the LDAP directory.
  8. Go to the ONLYOFFICE portal signing in as an administrator. Open the Settings -> Integration -> Single Sign-On page.
  9. Enable SSO using the Enable Single Sign-on Authentication switcher.
  10. Now you need to create a certificate in the SP Certificates section. To do that, click the Add certificate button in the corresponding section.
  11. In the opened modal window, click the Generate New Self-Signed Certificate link, choose the signing and encrypt option in the Use for list. Before you save the certificate, copy the Public Certificate text to the clipboard (it will be necessary for Okta), then click the OK button.
  12. Open any editor, paste the copied text and save the file with the .pem extension.
  13. Return to the Okta application creation form. In the Encryption Certificate field, select the newly created public key.
  14. Click the Next button at the end of the form.
  15. Click the Finish button.
  16. In the application description that opens, copy the link from the Metadata URL field.
  17. Return to the Single Sign-On page on the ONLYOFFICE portal. Paste the copied link to the field for uploading metadata XML.

    Specify the login button caption.

  18. Click the Save button.
  19. The ONLYOFFICE SP Metadata section should open, showing the Download SP Metadata XML button.
  20. To configure logout, return to the Okta settings. In the Signature Certificate field, specify a certificate, for example, from step 12. Fill out the Single Logout URL and SP Issuer fields according to the example below.
  21. To create users in Okta and provide them access to our ONLYOFFICE SP, perform the following steps:
    1. go to the Okta Directory -> People submenu,
    2. click the Add person button,
    3. fill in the form and click Save,
    4. go to the Applications -> Applications menu and click the created application,
    5. click Assign -> Assign to People. In the opened window, select the necessary users and click Assign. Close the window by clicking Done.

Checking the work of the ONLYOFFICE SP with the Okta IdP

Logging in to ONLYOFFICE on the SP side
  1. Go to the ONLYOFFICE Authentication page (e.g., https://myportal-address.com/Auth.aspx).
  2. Click the Single sign-on button. If the button is missing, this means that SSO is not enabled.
  3. If all the SP and IdP parameters are set correctly, we will be redirected to the Okta IdP login form:
  4. Enter the login and password of the user who has been granted access to the ONLYOFFICE SP and click the LOG IN button.
  5. If the credentials are correct, we will be redirected to the main page of the portal (the user will be created automatically if missing, or the data will be updated if changed in the IdP).
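
To confirm that the signing and encryption settings from step 6 are really in effect after a test login, the SAML Response that Okta posts to the Single sign-on URL can be inspected. The following is an added example, not ONLYOFFICE or Okta code: the function names and the sample Response are constructed for illustration, and the check reads the declared algorithms only, it does not verify the signature or decrypt the assertion.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xenc": "http://www.w3.org/2001/04/xmlenc#"}
XENC = NS["xenc"]
SIG, ENC = "ds:Signature/ds:SignedInfo/", "saml:EncryptedAssertion/xenc:EncryptedData/"
# Step 6 setting -> (element that declares it in the Response, expected algorithm URI)
EXPECTED = {
    "Signature Algorithm": (SIG + "ds:SignatureMethod",
                            "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"),
    "Digest Algorithm": (SIG + "ds:Reference/ds:DigestMethod", XENC + "sha256"),
    "Encryption Algorithm": (ENC + "xenc:EncryptionMethod", XENC + "aes128-cbc"),
    "Key Transport Algorithm": (ENC + "ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod",
                                XENC + "rsa-oaep-mgf1p"),
}

def audit_saml_response(b64_response, acs_url):
    """Return deviations from the step 6 settings; an empty list means all match."""
    root = ET.fromstring(base64.b64decode(b64_response))
    findings = []
    if root.get("Destination") != acs_url:
        findings.append("Destination differs from the Single sign-on URL")
    if root.find("saml:Assertion", NS) is not None:
        findings.append("Assertion Encryption: plaintext Assertion present")
    for setting, (path, uri) in EXPECTED.items():
        node = root.find(path, NS)
        found = node.get("Algorithm") if node is not None else "missing"
        if found != uri:
            findings.append(f"{setting}: expected {uri}, found {found}")
    return findings

def build_sample(sig_alg=EXPECTED["Signature Algorithm"][1], encrypted=True):
    """Constructed Response skeleton for the demo: no real keys, digests or ciphertext."""
    enc = (f'<saml:EncryptedAssertion><xenc:EncryptedData>'
           f'<xenc:EncryptionMethod Algorithm="{XENC}aes128-cbc"/><ds:KeyInfo>'
           f'<xenc:EncryptedKey><xenc:EncryptionMethod Algorithm="{XENC}rsa-oaep-mgf1p"/>'
           f'</xenc:EncryptedKey></ds:KeyInfo></xenc:EncryptedData></saml:EncryptedAssertion>')
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    doc = (f'<samlp:Response {xmlns} Destination="https://myportal-address.com/sso/acs">'
           f'<ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="{sig_alg}"/>'
           f'<ds:Reference><ds:DigestMethod Algorithm="{XENC}sha256"/></ds:Reference>'
           f'</ds:SignedInfo></ds:Signature>{enc if encrypted else "<saml:Assertion/>"}'
           f'</samlp:Response>')
    return base64.b64encode(doc.encode())

if __name__ == "__main__":
    print(audit_saml_response(build_sample(), "https://myportal-address.com/sso/acs"))
```

The input is the base64 value of the SAMLResponse form field sent to /sso/acs, which can be copied from the browser's network inspector during the login test. ElementTree is adequate for this constructed sample; parse real, untrusted responses with a hardened XML parser.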