Okta SSO Integration

Owned by Elliot Dooleysmith
Last updated: May 20, 2022
5 min read

Create a SAML App in Okta

Log into your Oktorganisation’s requirements.

Click Next.

Configure SAML

Populate the SAML Settings page as follows:

General

The above example uses https://app.rx-cloud.com, replace this with your own ResourceXpress URL

Field

Value

Field

Value

Single sign-on URL

https://<your-rx-address>.rx-cloud.com/SsoConsumer

Audience URI (SP Entity ID)

https://<your-rx-address>.rx-cloud.com

Default RelayState

Leave Blank

Name ID Format

Unspecified

Application Username

Okta username

Update application username on

Create and update

Attribute Statements

Name

Name format

Value

Name

Name format

Value

firstname
(mandatory)

Unspecified

user.firstName

lastname
(mandatory)

Unspecified

user.lastName

email
(mandatory)

Unspecified

user.email

rfid
(optional)

Unspecified

user.rfid

this attribute must first be created and populated in Okta

accesscode (optional)

Unspecified

user.accesscode

this attribute must first be created and populated in Okta

defaultlocation
(optional)

Unspecified

The ID number for the Location that the user will have default access to.

allowedlocation
(optional)

Unspecified

A comma separated list of Location ID numbers that the user has access to.

dateformat
(optional)

Unspecified

The date format for the user.

dd,MM,yyyy → (25, 01, 2021)
MM / dd / yyyy → (01 / 25 / 2021)

roles
(optional)

Unspecified

A comma separated list of Role ID numbers.

The default role ID values are as below

Super Admin → 1
Server Admin → 2
User Admin → 3
User → 4
Messaging → 5
Reporting → 6
Location Admin → 7

Click Next.

Select your organisations status in the Feedback screen and click Finish

On the next page click the button View Setup Instructions, this will open in a new tab.

Make a note of the Identity Provider Single Sign-On URL and the Identity Provider Issuer values.
These will be needed when configuring SSO in ResourceXpress.

Return to the previous tab, and select Assignments.

Using the Assign button allows access to users and/or groups who will require access to the ResourceXpress console.

Configure ResourceXpress with Okta SSO

Requirements

  • ResourceXpress User with a Server Admin or higher Security Role

Navigate to your ResourceXpress Admin Dashboard.

https://<your-rx-address>.rx-cloud.com/

Using the top menu click Administration Settings → System Settings.

Then choose the SSO Settings tab.

Populate the following settings:

RX Field

Value

RX Field

Value

URL

Enter the Identity Provider Single Sign-On URL from the Okta setup.

IPD ID

leave blank

Authenticating Authority

Enter the Identity Provider Issuer from the Okta setup.

Auto create user records from SSO (optional)

Yes or No

When Auto-create user records from SSO is enabled a local user record will be created in ResourceXpress when a user signs in to the browser console with their SSO details.
All new users will be assigned the default security role of User. This role can then be elevated by an administrator.

When a user's account is auto-created in ResourceXpress, an email confirming this will be sent to them.
Included in this email will be a randomly generated password that can be used for the upcoming mobile app.

Sync user details from SSO (optional)

Yes or No

When Sync user details from SSO is enabled user attributes will be synchronised with the values stored in Okta, for example, when using Okta stored attributes for RFID and Access Code.
If the value is updated in Okta it will automatically be updated in RX the next time the user signs in.

Once the above has been configured click Save.
SSO will be enabled immediately however you will need to log out and back in again to see the SSO screen.

Any user that has been added to the assigned user's list for the SAML application in Okta will now be able to sign in to your ResourceXpress site.

The following macros are not currently supported in the footer:
  • style