Okta SSO Integration

By Elliot Dooleysmith
5 min

Create a SAML App in Okta

Log into your Oktorganisation’s requirements.

Click Next.

Configure SAML

Populate the SAML Settings page as follows:

General

The above example uses https://app.rx-cloud.com, replace this with your own ResourceXpress URL

Field

Value

Field

Value

Single sign-on URL

https://<your-rx-address>.rx-cloud.com/SsoConsumer

Audience URI (SP Entity ID)

https://<your-rx-address>.rx-cloud.com

Default RelayState

Leave Blank

Name ID Format

Unspecified

Application Username

Okta username

Update application username on

Create and update

Attribute Statements

Name

Name format

Value

Name

Name format

Value

firstname
(mandatory)

Unspecified

user.firstName

lastname
(mandatory)

Unspecified

user.lastName

email
(mandatory)

Unspecified

user.email

rfid
(optional)

Unspecified

user.rfid

this attribute must first be created and populated in Okta

accesscode (optional)

Unspecified

user.accesscode

this attribute must first be created and populated in Okta

defaultlocation
(optional)

Unspecified

The ID number for the Location that the user will have default access to.

This requires a single Location ID value.

To get the Location ID number, navigate to the location edit screen.

Administration Settings → System Settings → Locations

Then select the Edit Button ( ) for the correct location.
You will find the ID number at the end of the page URL.
https://app.rx-cloud.com/Setting/Location?Id=1

allowedlocation
(optional)

Unspecified

A comma separated list of Location ID numbers that the user has access to.

If more than 1 location is required, separate the ID values with a comma ( , ).

To get the location ID number, navigate to the location edit screen.

Administration Settings → System Settings → Locations

Then select the Edit Button ( ) for the correct location.
You will find the ID number at the end of the page URL.
https://app.rx-cloud.com/Setting/Location?Id=1

dateformat
(optional)

Unspecified

The date format for the user.

dd,MM,yyyy → (25, 01, 2021)
MM / dd / yyyy → (01 / 25 / 2021)

roles
(optional)

Unspecified

A comma separated list of Role ID numbers.

If more than 1 role is required, separate the ID values with a comma ( , ).

The default role ID values are as below

Super Admin → 1
Server Admin → 2
User Admin → 3
User → 4
Messaging → 5
Reporting → 6
Location Admin → 7

To get the Role ID number for any custom Roles, navigate to the Role edit screen.

User Management → Roles

Then select the Edit Button ( ) for the correct role.
You will find the ID number at the end of the page URL.
https://app.rx-cloud.com/Roles/Create?Id=1

For more information on each of these values see the breakdown and description of each setting in our User Management guide → Create a New User.

New in v2021.5 HF1

If no valid optional claim mappings exist, or the value is blank, ResourceXpress will fall back and use the value that has been entered manually via the RX Admin Dashboard

To overwrite the database with a blank value, use either a zero (0) or a hyphen (-) for the Attribute.

If the attribute contains any value other than a zero (0) or a hyphen (-), this value will be written to the user account the next time the user signs in via SSO.

Click Next.

Select your organisations status in the Feedback screen and click Finish

On the next page click the button View Setup Instructions, this will open in a new tab.

Make a note of the Identity Provider Single Sign-On URL and the Identity Provider Issuer values.
These will be needed when configuring SSO in ResourceXpress.

Return to the previous tab, and select Assignments.

Do not configure SSO in ResourceXpress until you have completed the user/group assignment step

Using the Assign button allows access to users and/or groups who will require access to the ResourceXpress console.

Configure ResourceXpress with Okta SSO

Requirements

  • ResourceXpress User with a Server Admin or higher Security Role

Navigate to your ResourceXpress Admin Dashboard.

https://<your-rx-address>.rx-cloud.com/

Using the top menu click Administration Settings → System Settings.

Then choose the SSO Settings tab.

Populate the following settings:

RX Field

Value

RX Field

Value

URL

Enter the Identity Provider Single Sign-On URL from the Okta setup.

IPD ID

leave blank

Authenticating Authority

Enter the Identity Provider Issuer from the Okta setup.

Auto create user records from SSO (optional)

Yes or No

When Auto-create user records from SSO is enabled a local user record will be created in ResourceXpress when a user signs in to the browser console with their SSO details.
All new users will be assigned the default security role of User. This role can then be elevated by an administrator.

When a user's account is auto-created in ResourceXpress, an email confirming this will be sent to them.
Included in this email will be a randomly generated password that can be used for the upcoming mobile app.

Please ensure you have configured valid SMTP settings under the Email Settings tab in the System Settings

Sync user details from SSO (optional)

Yes or No

When Sync user details from SSO is enabled user attributes will be synchronised with the values stored in Okta, for example, when using Okta stored attributes for RFID and Access Code.
If the value is updated in Okta it will automatically be updated in RX the next time the user signs in.

When synchronising attributes from an SSO provider the attributes cannot be changed or updated in the ResourceXpress admin console.

Once the above has been configured click Save.
SSO will be enabled immediately however you will need to log out and back in again to see the SSO screen.

Any user that has been added to the assigned user's list for the SAML application in Okta will now be able to sign in to your ResourceXpress site.

Related content

The following macros are not currently supported in the footer:
  • style