Trusona+Okta Integration Guide

 

This guide details the steps required to configure Trusona as a passwordless authentication solution for your Okta cloud instance.

Step 1: Email Us

Send an email to integration@trusona.com with the following information:

  1. Company name

  2. Email domain(s) associated with your Okta users

Trusona will email you 3 things in return: 

  1. IdP Signature Certificate  

  2. Origin URL 

  3. IdP Issuer URL 

Step 2: Log into the Okta admin portal

If you are logged into the developer portal by default, then open the dropdown and select Classic UI.

Developer portal in Okta.png

If you see this page instead, then select the Admin button.

Picture1.png

Configuring Okta

Step 3: Create API token

Navigate to “Security” > “API” and then click the “Create Token” button. 

Create API token.png
Token.png

Copy your API token (“Token Value” in the above image) and save it somewhere safe. You will send this to Trusona along with other information in step 8.

Step 4: Add Origin

Navigate to “Security” > “API” > “Trusted Origins” and click the “Add Origin” button.

Trusted Origins.png
Add origin.png

Step 5: Create a group

Navigate to “Directory” > “Groups”, select “Add Group”, then enter a name and a description.

Create a group.png
Add group.png
Name Group.png

You don’t need to maintain the membership of this group. Group membership is automatically managed by Trusona via the Okta API.  Do not add any members to the group. 

Step 6: Create an Identity Provider

Select “Security” > “Identity Providers” > Click “Add Identity Provider” > Add SAML 2.0 IdP 

Note: If the “Add Identity Provider” button does not have a drop down then click “Add Identity Provider” and continue with the steps below. 

Add Identity providers.png
Add SAML 2.0.png

Complete the form to add the new SAML IdP using the information below: 

General Settings.jpg
Authentication Settings.jpg
JIT.jpg
SAML.jpg

Once the information in the tables above has been entered into the form, click the “Add identity provider” button to continue. 

Edit Identity Provider.png
SAML protocol settigns.png

Click “Show Advanced Settings” 

Uncheck “Sign SAML Authentication Request”. The destination will be your IdP Single Sign-On URL.

Show advanced.png
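The Origin URL and IdP Issuer URL from Step 1 arrive by email and are typed in by hand in Steps 4 and 6, so it is worth comparing what Okta now holds against what was sent. The following is an added example, not Trusona's or Okta's own code: it checks objects shaped like the responses of Okta's `GET /api/v1/trustedOrigins` and `GET /api/v1/idps`, and the `example.test` values are constructed placeholders, not Trusona's real URLs.

```python
from urllib.parse import urlsplit

def origin_problems(url):
    """Problems with a Trusted Origin value: it should be a bare HTTPS origin."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname or "*" in parts.netloc:
        problems.append("host is missing or a wildcard")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("carries a path, query or fragment")
    return problems

def audit(expected_origin, expected_issuer, trusted_origins, idps):
    """Compare the Step 1 values with what Okta now holds; return findings."""
    findings = [f"Origin URL from email: {p}" for p in origin_problems(expected_origin)]
    want = expected_origin.rstrip("/").lower()
    active = [o["origin"] for o in trusted_origins if o.get("status") == "ACTIVE"]
    if want not in [o.rstrip("/").lower() for o in active]:
        findings.append(f"no active Trusted Origin equals {expected_origin}")
    # SAML issuer strings are matched exactly, so no normalisation here.
    issuers = [i["protocol"]["credentials"]["trust"]["issuer"]
               for i in idps if i.get("type") == "SAML2"]
    if expected_issuer not in issuers:
        findings.append(f"no SAML2 IdP has issuer {expected_issuer!r} (found {issuers})")
    return findings

# Constructed sample data shaped like the Okta API objects (not real tenant output).
ORIGINS = [{"name": "Trusona", "origin": "https://gateway.example.test",
            "status": "ACTIVE"}]
IDPS = [{"type": "SAML2", "name": "Trusona", "status": "ACTIVE",
         "protocol": {"credentials": {"trust": {
             "issuer": "https://gateway.example.test/saml/metadata"}}}}]

if __name__ == "__main__":
    result = audit("https://gateway.example.test",
                   "https://gateway.example.test/saml/metadata", ORIGINS, IDPS)
    for line in result or ["OK: Okta matches the Step 1 values"]:
        print(line)
```
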

Step 7: Create new Sign-On Policy

Select “Security” > “Authentication” > “Sign on” 

To create the new policy, click the “Add New Okta Sign-On Policy” button. 

Add policy.png
  1. Enter “TrusonaUsers” for the Policy Name 

  2. Choose a meaningful description for the Policy Description 

  3. Add the group you created in step 5 in the “Assign to Groups” section. 

create policy.png
 
 

Select “Create Policy and Add Rule” 

  

  1. Rule Name: Name rule (This rule allows users to authenticate from anywhere) 

  2. Note: Make sure “Prompt for Factor” is unchecked. 

  3. After creating a rule make sure the new rule is activated 

 
 
Enable Identity Provider

Active Rule.png

Step 8: Send Trusona your configuration details 

Using https://onetimesecret.com send the following information to integrations@trusona.com

  

  1. API Token Key 

    • From Step 1 

  2. Base URL (URL while logged into Okta) 

    • Found in your browser’s navigation bar 

  3. Assertion Consumer Service URL 

    • Located in Security > Identity Providers by expanding the SAML IdP row 

  4. Group URL 

    • Located in Directory > Groups > Trusona 

 

Once this information is received, Trusona will provision your Okta integration and notify you by email when the Trusona integration is ready for use.  

Base URL.png
Assertion.png
Group URL2.png

Step 9: Create Routing Rule 

Select “Security” > “Identity Providers” > “Routing Rules” 

To create the new Routing Rule, click the “Add Routing Rule” button.

Identity Provider.png

When creating the new rule, match the fields to those in the image below and click “Create Rule.”

Create rule 2.png

Customizing the experience 

Step 10: Customizing your Trusona experience (optional) 

The Trusona Gateway (pictured below) includes default styling that will be familiar to your users using the Trusona App.  

Trusona Gateway.png

Optionally, it’s possible to provide a custom branded experience for your users including things like: 

  • A custom vanity URL 

  • Custom secure QR code colors 

  • Your company logo and colors 

For Trusona to create your custom gateway, you need to provide hex values and images for the following:

  • QR code

  • Foreground color

  • Background color

  • Body text

  • Hero

  • Hero alignment

  • Logo

  • Working with the template

For more information about customizing your gateway please visit the employee implementation get started guide.

Once you have everything needed for your custom gateway please send that information to integration@trusona.com

 
Daniel Fischpan