Okta SSO Configuration

Okta configuration is fairly straightforward. If Single Logout (SLO) is required, then care must be taken to get the signing certificate uploaded properly as shown below. Okta actually verifies that the logout request is signed by the specified certificate, unlike other IdPs.

Navigating to the Config

Optionally create a new app

Then

Then

General Config

The next two images have dots which show values taken from the ClinSpark UI and where they belong in the Okta configuration screens.

Here is where to find those values in ClinSpark

Select “Show Advanced Settings” (dot 3) to expose additional configurations.

Advanced Config

If SLO is required, the fields below are key. Okta verifies the signature of the logout request, and therefore needs the certificate for this verification. Here is the certificate that you need to upload in Dot 3:

certificate.cer

The values for dots 1 and 2 below can be found in the next image from ClinSpark.

Here is the mapping:

Ensure these values are set:

Click Next:

Finishing

ClinSpark Configuration

Here are the key parameters required:

Canonicalization Method Algorithm:

http://www.w3.org/2001/10/xml-exc-c14n#

Authentication Context:

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

Name ID Format:

urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Sign / Digest Algorithm:

SHA256
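
When SLO fails, it helps to confirm that the logout request actually declares the parameters listed above before re-uploading the certificate. The following is an added example, not part of the original page or of ClinSpark or Okta tooling: it assumes the HTTP-POST binding with a signature embedded in the XML, uses a constructed sample request with placeholder values, and inspects the declared algorithms only, without verifying the signature cryptographically.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#"
TRANSIENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:transient"

def _alg(parent, path):
    """Return the Algorithm attribute of the element at path, or ''."""
    el = parent.find(path, NS)
    return el.get("Algorithm", "") if el is not None else ""

def check_logout_request(xml_text):
    """List mismatches between a LogoutRequest and the settings on this page."""
    root = ET.fromstring(xml_text)  # trusted input only; use defusedxml otherwise
    if root.tag != "{%s}LogoutRequest" % NS["samlp"]:
        return ["root element is not samlp:LogoutRequest"]
    problems = []
    name_id = root.find("saml:NameID", NS)
    if name_id is None or name_id.get("Format") != TRANSIENT:
        problems.append("NameID Format is not transient")
    info = root.find("ds:Signature/ds:SignedInfo", NS)
    if info is None:  # Okta rejects a logout request it cannot verify
        return problems + ["request carries no embedded signature"]
    if _alg(info, "ds:CanonicalizationMethod") != EXC_C14N:
        problems.append("canonicalization is not exclusive C14N")
    if not _alg(info, "ds:SignatureMethod").endswith("sha256"):
        problems.append("signature algorithm is not SHA256")
    if not _alg(info, "ds:Reference/ds:DigestMethod").endswith("sha256"):
        problems.append("digest algorithm is not SHA256")
    ref = info.find("ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        problems.append("signature does not reference the request ID")
    return problems

# Constructed sample: placeholder ID, issuer, digest and signature values.
SAMPLE = """<samlp:LogoutRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 ID="_req1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
<saml:Issuer>https://sp.example.invalid</saml:Issuer>
<ds:Signature><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#_req1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference>
</ds:SignedInfo><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
<saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_abc</saml:NameID>
</samlp:LogoutRequest>"""
```

An empty list from `check_logout_request` means the request declares the settings above; any remaining SLO failure then points at the certificate uploaded to Okta rather than at the algorithm choices.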