SAML 2.0 with Okta - Application Installation Guide (recommended)

Lyndsay Updated by Lyndsay

Okta integration is a premium feature available only on Enterprise Accounts unless otherwise negotiated with your Account Executive.

Our SAML 2.0 integration will allow employees from your organization to log in to EasyLlama without using passwords. Our app is available in the Okta marketplace and alternative instructions are provided here.

We support the following roles:

- EasyLlama admin

- EasyLlama learner

Both already need to be present in your EasyLlama account in order to be able to use the SAML 2.0 login.

Supported Features

The Okta/EasyLlama SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just-In-Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

Add custom fields to Okta users

  1. Go to Profile Editor - Go to Directory > "Profile editor" tab in your Okta admin dashboard.
  2. Select user type - Select the User type to edit. There should be a default Okta user.
  3. Add the Role attribute - We are going to add new attributes specific to EasyLlama. Add a new attribute to the User profile to differentiate between Admins and Learners. Click on Add attribute button and fill out the attributes based on the images.
  • Admin role: will have access to the EasyLlama admin dashboard and will be able to perform all operations such as adding/removing learners or assigning trainings. They will be provisioned during the first Okta login if they are not in EasyLlama yet.
  • Learner role: will be able to log in to EasyLlama and access the courses assigned to them by an admin. They will be provisioned during the first Okta login if the "Training Tag" field is filled out.
  1. Add the "Training Tags" attribute (optional) - If you would like to use the "Learner" role, you will need to add the "Training Tags" attribute so that you can assign trainings to them during provisioning. The value should be training_tags

Here is how custom fields should appear:

Set up a new Okta app

  1. Install the EasyLlama Okta app
  2. Download the certificates from Okta - Download the certificates from Okta and keep them secure. These will be uploaded on the EasyLlama dashboard. Clicking the View SAML setup instructions will take you to the SAML instructions page which you will need to copy into your EasyLlama dashboard.

Add the SAML settings in EasyLlama

  1. Add the SAML settings to your Easyllama dashboard - Go to your EasyLlama dashboard and click Settings > Authentication. Contact your Account Manager if that option isn't available on your account.

Enter the following items:

  • Single Sign On URL: the URL generated by Okta, e.g. https://company.okta.com/app/org/xxx/sso/saml
  • Identity Provider Issuer: the URL generated by Okta, e.g. http://www.okta.com/xxx
  • X.509 certificate: the certificate generated by Okta (.cert file)
  • Once you have entered all the required fields, click Save.

Congratulations, your SAML integration is now ready to be used!

Test your SAML login

  1. Log in with Okta: Go back to your Okta account. Find your user and assign the "Admin" role. Click on the EasyLlama tile. You should be redirected to your EasyLlama dashboard.

Notes

The following SAML attributes are supported:

  • Name

    Value

    first_name

    user.firstName

    last_name

    user.lastName

    role

    user.easyllamaRole

    training_tags

    user.training_tags

SP-initiated SSO

You can get the SP-initiated link from the SAML Authentication Settings > Copy SAML in Okta.

How did we do?

SAML 2.0 with Microsoft - Manual Configuration Guide

SAML 2.0 with Okta - Manual Configuration Guide

Contact