Trusona+Okta Integration Guide
This guide details the steps required to configure Trusona as a passwordless authentication solution for your Okta cloud instance.
Step 1: Email Us
Send an email to email@example.com with the following information:
Email domain(s) associated with your Okta users
Trusona will email you back the following:
IdP Signature Certificate
Step 2: Log into the Okta admin portal
If you are taken to the developer portal by default, open the dropdown and select Classic UI.
If instead you are shown a page with an Admin button, click it; otherwise move on to step 3.
Note: If the Okta instance is not using MFA or 2FA, you can skip step 3 and move on to step 4.
Step 3: Create API token
Navigate to “Security” > “API” and then click the “Create Token” button.
Copy your API token (“Token Value” in the image above) and save it somewhere safe: Okta displays the value only once, and the token carries the permissions of the admin account that created it, so treat it as a privileged credential. You will send this to Trusona along with the other information in step 8.
Step 4: Add Origin
Navigate to “Security” > “API” > “Trusted Origins” and click the “Add Origin” button.
Note: If the Okta instance is not using MFA or 2FA, you can skip step 5 and move on to step 6.
Step 5: Create a group
Navigate to “Directory” > “Groups” > select “Add Group” and create a name and a description
You don’t need to maintain the membership of this group. Group membership is automatically managed by Trusona via the Okta API. Do not add any members to the group.
Step 6: Create an Identity Provider
Select “Security” > “Identity Providers” > Click “Add Identity Provider” > Add SAML 2.0 IdP
Note: If the “Add Identity Provider” button does not have a dropdown, click “Add Identity Provider” and continue with the steps below.
Complete the form to add the new SAML IdP using the information in the tables below, including the IdP Signature Certificate that Trusona sent you in step 1.
Once the information from the tables has been entered into the form, click the “Add identity provider” button to continue.
Click “Show Advanced Settings”
Uncheck Sign SAML Authentication Request.
Step 7: Create new Sign-On Policy
Select “Security” > “Authentication” > “Sign on”
To create the new policy, click the “Add New Okta Sign-On Policy” button.
Enter “TrusonaUsers” for the Policy Name
Choose a meaningful description for the Policy Description
Add the group you created in step 5 in the “Assign to Groups” section.
Select “Create Policy and Add Rule”
Rule Name: choose a name for the rule (this rule allows users to authenticate from anywhere)
Note: Make sure “Prompt for Factor” is unchecked.
After creating the rule, make sure it is activated.
Step 8: Send Trusona your configuration details
API Token Key: from step 3
Base URL (the URL shown while logged into Okta): found in your browser’s navigation bar
Assertion Consumer Service URL: located in Security > Identity Providers by expanding the SAML IdP row
Group created in step 5: located in Directory > Groups > Trusona
Once this information is received, Trusona will provision your Okta integration and notify you by email when the Trusona integration is ready for use.
Note: Do not move on to step 9 until you have received confirmation from Trusona that the information from step 8 has been provisioned. Otherwise you may be locked out of your account.
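A pre-flight check for the details collected in step 8, added here as an example; it is not part of the Trusona guide or of Trusona's tooling. It uses the Okta REST API (Groups and Identity Providers endpoints, authenticated with the SSWS API token from step 3) to confirm that the step-5 group exists and is still empty, read the SAML IdP's Assertion Consumer Service URL, and print the step-8 bundle with the token redacted so it can be pasted into a ticket safely. The group and IdP names, the org URL and the sample API responses are assumptions made for the example; run it against your own org before telling Trusona you are ready, and again before step 9.

```python
"""Pre-flight check of the Okta details collected in steps 3 to 8.

Added example, not code from the Trusona guide. Talks to the Okta REST API
(Groups and Identity Providers endpoints) with the step-3 API token.
"""
import json
import sys
import urllib.request
from urllib.parse import urlencode

# Constructed sample responses in the shape Okta returns; used for an offline
# dry run when no org URL and token are given on the command line.
SAMPLE_GROUPS = [
    {"id": "00g1abc", "profile": {"name": "Trusona", "description": "Managed by Trusona"}},
    {"id": "00g2def", "profile": {"name": "TrusonaAdmins", "description": ""}},
]
SAMPLE_IDPS = [
    {"id": "0oa9xyz", "name": "Trusona", "protocol": {"type": "SAML2"},
     "_links": {"acs": {"href": "https://example.okta.com/sso/saml2/0oa9xyz"}}},
]


def okta_get(base_url, api_token, path, params=None):
    """GET one Okta API resource. Okta API tokens use the SSWS auth scheme."""
    url = base_url.rstrip("/") + path + ("?" + urlencode(params) if params else "")
    req = urllib.request.Request(
        url, headers={"Authorization": f"SSWS {api_token}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.load(resp)


def pick_group(groups, name):
    """Exactly one group named `name`; ?q= is a prefix search, so filter again."""
    matches = [g for g in groups if g.get("profile", {}).get("name") == name]
    if len(matches) != 1:
        raise ValueError(f"expected one group named {name!r}, found {len(matches)}")
    return matches[0]


def pick_saml_idp(idps, name):
    """Exactly one SAML 2.0 identity provider named `name`."""
    matches = [i for i in idps
               if i.get("name") == name and i.get("protocol", {}).get("type") == "SAML2"]
    if len(matches) != 1:
        raise ValueError(f"expected one SAML2 IdP named {name!r}, found {len(matches)}")
    return matches[0]


def acs_url(idp):
    """ACS URL Okta publishes for an inbound SAML IdP (_links.acs.href);
    cross-check it with the value shown when expanding the IdP row in the UI."""
    return idp["_links"]["acs"]["href"]


def group_is_empty(members):
    """Step 5: nobody may be added by hand; Trusona manages the membership."""
    return len(members) == 0


def redact(token):
    """Never put the full API token into e-mail, tickets or logs."""
    return token[:4] + "..." + token[-4:] if len(token) > 12 else "***"


def step8_bundle(base_url, api_token, group, idp, members):
    """Assemble the step-8 details, refusing a group that already has members."""
    if not group_is_empty(members):
        raise ValueError(f"group {group['id']} has {len(members)} member(s); it must stay empty")
    return {
        "base_url": base_url.rstrip("/"),
        "api_token": redact(api_token),
        "acs_url": acs_url(idp),
        "group_id": group["id"],
        "group_name": group["profile"]["name"],
    }


def sample_fetch(path, params=None):
    """Offline stand-in for okta_get that serves the constructed samples."""
    if path == "/api/v1/groups":
        return SAMPLE_GROUPS
    if path == "/api/v1/idps":
        return SAMPLE_IDPS
    if path.startswith("/api/v1/groups/") and path.endswith("/users"):
        return []  # the group has no members, as step 5 requires
    raise KeyError(path)


def preflight(base_url, api_token, group_name="Trusona", idp_name="Trusona", fetch=None):
    """Run the checks against the live API, or against an injected fetch stub."""
    fetch = fetch or (lambda path, params=None: okta_get(base_url, api_token, path, params))
    group = pick_group(fetch("/api/v1/groups", {"q": group_name}), group_name)
    members = fetch(f"/api/v1/groups/{group['id']}/users")
    idp = pick_saml_idp(fetch("/api/v1/idps", {"q": idp_name}), idp_name)
    return step8_bundle(base_url, api_token, group, idp, members)


if __name__ == "__main__":
    # Usage: python preflight.py https://example.okta.com "$OKTA_API_TOKEN"
    # With no arguments it runs the offline dry run against the samples above.
    if len(sys.argv) >= 3:
        print(json.dumps(preflight(sys.argv[1], sys.argv[2]), indent=2))
    else:
        print(json.dumps(preflight("https://example.okta.com", "dry-run-token",
                                   fetch=sample_fetch), indent=2))
```

The group lookup insists on an exact name match because Okta's `q` parameter matches by prefix, and the bundle refuses a group with members so that a manually added user does not end up with Trusona silently managing (and removing) their membership. Pass the token on the command line from an environment variable rather than typing it, and send the real token to Trusona only through the channel they specify, not in the printed output.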
Step 9: Create Routing Rule
Select “Security” > “Identity Providers” > “Routing Rules”
To create the new Routing Rule, click the “Add Routing Rule” button.
When creating the new rule, match the fields to those in the image below and click “Create Rule.”
Customizing the experience
Step 10: Customizing your Trusona experience (optional)
The Trusona Gateway (pictured below) includes default styling that will be familiar to your users using the Trusona App.
Optionally, it’s possible to provide a custom branded experience for your users including things like:
A custom vanity URL
Custom secure QR code colors
Your company logo and colors
For Trusona to create your custom gateway, you need to provide Trusona with hex colour values and images for the following:
Working with the template
For more information about customizing your gateway please visit the employee implementation get started guide.
Once you have everything needed for your custom gateway please send that information to firstname.lastname@example.org