Trusona+Okta Integration Guide
This guide details the steps required to configure Trusona as a passwordless authentication solution for your Okta cloud instance.
Step 1: Email Us
Send an email to firstname.lastname@example.org with the following information:
Email domain(s) associated with your Okta users
Trusona will email you 3 things in return:
IdP Signature Certificate
IdP Issuer URL
Step 2: Log into the Okta admin portal
If you are logged into the developer portal by default, select the dropdown and choose Classic UI.
If you see this page instead, select the Admin button.
Step 3: Create API token
Navigate to “Security” > “API” and then click the “Create Token” button.
Copy your API token (“Token Value” in the above image) and save it somewhere safe. You will send this to Trusona along with other information in step 8.
Step 4: Add Origin
Navigate to “Security” > “API” > “Trusted Origins” and click the “Add Origin” button.
Step 5: Create a group
Navigate to “Directory” > “Groups”, select “Add Group”, and enter a name and a description.
You don’t need to maintain the membership of this group. Group membership is automatically managed by Trusona via the Okta API. Do not add any members to the group.
Step 6: Create an Identity Provider
Select “Security” > “Identity Providers”, click “Add Identity Provider”, and choose “Add SAML 2.0 IdP”.
Note: If the “Add Identity Provider” button does not have a dropdown, click “Add Identity Provider” and continue with the steps below.
Complete the form to add the new SAML IdP using the information below:
Once the information in the tables above has been entered into the form, click the “Add identity provider” button to continue.
Click “Show Advanced Settings”
Uncheck “Sign SAML Authentication Request”. The destination will be your IdP Single Sign-On URL.
Step 7: Create new Sign-On Policy
Select “Security” > “Authentication” > “Sign on”
To create the new policy, click the “Add New Okta Sign-On Policy” button.
Enter “TrusonaUsers” for the Policy Name
Choose a meaningful description for the Policy Description
Add the group you created in step 5 in the “Assign to Groups” section.
Select “Create Policy and Add Rule”
Rule Name: Name rule (This rule allows users to authenticate from anywhere)
Note: Make sure “Prompt for Factor” is unchecked.
After creating the rule, make sure it is activated.
Step 8: Send Trusona your configuration details
API Token Key
From Step 1
Base URL (URL while logged into Okta)
Found in your browser’s navigation bar
Assertion Consumer Service URL
Located in Security > Identity Providers by expanding the SAML IdP row
Located in Directory > Groups > Trusona
Once this information is received, Trusona will provision your Okta integration and notify you by email when the Trusona integration is ready for use.
Step 9: Create Routing Rule
Select “Security” > “Identity Providers” > “Routing Rules”
To create the new Routing Rule, click the “Add Routing Rule” button.
When creating the new rule, match the fields to those in the image below and click “Create Rule.”
Customizing the experience
Step 10: Customizing your Trusona experience (optional)
The Trusona Gateway (pictured below) includes default styling that will be familiar to your users using the Trusona App.
Optionally, you can provide a custom-branded experience for your users, including things like:
A custom vanity URL
Custom secure QR code colors
Your company logo and colors
For Trusona to create your custom gateway, you need to provide hex values and images for the following:
Working with the template
For more information about customizing your gateway, please visit the employee implementation get started guide.
Once you have everything needed for your custom gateway, please send that information to email@example.com