© 2024 IQVIA - All Rights Reserved

Okta SSO

Okta SSO Configuration

Okta configuration is fairly straightforward. If Single Logout (SLO) is required, then care must be taken to get the signing certificate uploaded properly as shown below. Okta actually verifies that the logout request is signed by the specified certificate, unlike other IdPs.

Navigating to the Config

Optionally create a new app

Then

Then

General Config

The next two images have dots which show values taken from the ClinSpark UI and where they belong in the Okta configuration screens.

Here is where to find those values in ClinSpark

 

Select “Show Advanced Settings” (dot 3) to expose additional configurations.

Advanced Config

If SLO is required, the below fields are key. Okta verifies the signature of the logout request, and therefor needs the certificate for this verification. Here is the certificate that you need to upload in Dot 3:

In the below, you can find the values for dots 1 and 2 in the next image from ClinSpark

Here is the mapping:

 

Ensure these values are set:

Click Next:

Finishing

ClinSpark Configuration

Here are key parameters required

 

 

 

 

Canonicalization Method Algorithm:

Exclusive XML Canonicalization Version 1.0

Authentication Context:

urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport

Name ID Format

urn:oasis:names:tc:SAML:2.0:nameid-format:transient

Sign / Digest Algorithm

SHA256

 

 

 

Exported and Printed Copies Are Uncontrolled