This document describes the baseline configuration needed to set up an integration between our Identity Access Management (IAM) system and your Identity Provider (Okta).
Pre-requisites Okta configuration
The following details pertain to our Production environment. A representative from Core Strengths will need to enable the feature within your platform account.
On the Okta Admin portal, choose
At the top of the page, choose Create App Integration
SAML 2.0 General Settings
Fill out the General Settings as you require
Provided via our design team
Next Configure SAML
Single sign-on URL:
Use this for Recipient URL and Destination URL is checked
Audience URI (SP Entity ID):
Name ID Format:
MetadataURI will be required for the next steps. You can find this value in the Active SAML Signing Certificates. Click the actions for the Active Signing Certificate and click View IdP metadata. This will open a new tab with a URL in the address bar; copy this URL.
Core Strengths Platform configuration
Configuration within Core Strengths Account Settings: (Feature Flag SSO Enabled will need to be enabled [true] upon engagement)
Add (comma-separated) email domains used within SSO workflows to the Email Identifiers input
email attribute mapping add
MetadataURI with your given Issuer URL similar to:
Optionally Enable Single Sign-out workflows (SSOut)
This allows session termination (logout) to call our IdP. When a user logs off of Core Strengths Platform, the platform will request a best-effort “sign-out of all-applications” to your IdP.
Once a Core Strengths Platform account has been configured for SSO, people can navigate to the login page directly without first proceeding to the platform. The Login URL field will be very similar to the following (replacing the identity_provider value with one provided to you by Core Strengths)
The Hosted SSO Link (example above), specific to your organization, can be found on the Settings page, under the SSO section. See below for an in-page location hint.