Configuring Elafent with Okta

To configure Elafent as a SAML Service Provider in Okta, you will need to create an Okta Application.

Creating a new Okta application

The user must have Administrator access for creating/managing Okta applications. This example runs through the settings for the Okta application configured for Elafent.

  1. Hit the Admin button in the top right
  2. Go to Applications > Applications in the menu
  3. Hit Add Application in the top left
  4. Hit Create New App in the top right
  5. Adjust the following options -
    • Platform - Web
    • Sign on method - SAML 2.0
  6. Hit Create
  7. Adjust General Settings
    • App name - Elafent
    • App logo - Use the logo below for best results
    • App visibility - Leave the boxes unchecked
  8. Hit Next
  9. Adjust Configure SAML > SAML Settings
    • Single sign on URL - if you are installing the Elafent app from the Okta OIN, the URL is https://app.elafent.com/auth/api/saml/okta/login/callback; otherwise it will be a unique URL, for which you will need to contact Elafent Support
      • Check - Use this for Recipient URL and Destination URL
      • Uncheck - Allow this app to request other SSO URLs
    • Audience URI - https://app.elafent.com/auth
    • Default RelayState - Leave this blank
    • Name ID format - EmailAddress
    • Application username - Email
    • Update application username on - Create and Update
    • Advanced Settings - We don't need to change any of these
    • Attribute Statements - Create the following Attribute Statements:

      Name            Name Format  Value
      user.firstName  Basic        user.firstName
      user.lastName   Basic        user.lastName
      org.id          Basic        appuser.elaOrgId
      org.secretKey   Basic        appuser.elaOrgSecretKey
      group.id        Basic        appuser.elaGroupId

  10. Group Attribute Statements - Leave this blank
  11. Hit Next
  12. Fill in Feedback - Are you a customer or partner - I'm a customer.
  13. Hit Finish

If you are not installing the Elafent app from the Okta OIN, you will need to send the resultant SAML Service Provider settings to Elafent Support to complete this step.
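
The settings above can be checked against an assertion before users rely on them, for example the XML shown by Okta's Preview the SAML Assertion button. The following is an added example, not Elafent's or Okta's code: it checks the Name ID format, Recipient, Audience URI and the five attribute statements, and does not validate signatures. The function names and the constructed sample assertion are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
AUDIENCE = "https://app.elafent.com/auth"
ACS_URL = "https://app.elafent.com/auth/api/saml/okta/login/callback"  # OIN install
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED = ("user.firstName", "user.lastName", "org.id", "org.secretKey", "group.id")

def check_assertion(xml_text, acs_url=ACS_URL):
    """Return a list of problems in a previewed assertion; empty means it matches."""
    root = ET.fromstring(xml_text)
    a = root if root.tag == f"{{{SAML}}}Assertion" else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no saml:Assertion element found"]
    problems = []
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("Name ID value is not an email address")
    conf = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != acs_url:
        problems.append("Recipient does not match the single sign on URL")
    audiences = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if audiences != [AUDIENCE]:
        problems.append("Audience URI mismatch")
    values = {}
    for attr in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        v = attr.find("saml:AttributeValue", NS)
        values[attr.get("Name")] = (v.text or "").strip() if v is not None else ""
    # Report attribute names only, so the org.secretKey value never reaches a log.
    problems += [f"attribute {n} missing or empty" for n in REQUIRED if not values.get(n)]
    return problems

def sample_assertion(attrs):
    """Constructed sample (not real Okta output) with the given attribute values."""
    stmts = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{SAML}"><saml:Subject>'
            f'<saml:NameID Format="{EMAIL_FORMAT}">jane@example.com</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{stmts}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    attrs = dict.fromkeys(REQUIRED, "placeholder")
    del attrs["group.id"]  # constructed gap: the group.id statement is absent
    print(check_assertion(sample_assertion(attrs)))
```

If you were given a unique single sign on URL by Elafent Support, pass it as `acs_url`.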

Configuring the User Profile

The user must have Administrator access for creating/managing Okta applications as well as permissions to edit the User Profiles.

  1. Hit the Admin button in the top right
  2. Go to Directory > Profile Editor in the menu
  3. Find the Elafent User corresponding to the associated app and hit the Profile button
    • The App Id under the Profile Name should match the associated application Id e.g. yourorg123456_elafent.
  4. To configure the following Attributes contact Elafent Support -
    • Username - Required and unmodifiable by default
    • Elafent Organisation Id
      • Data type - string with
      • Display name - Elafent Organisation Id
      • Variable name - elaOrgId
      • Description - ID of your organisation in the Elafent platform
      • Enum - Leave unchecked
      • Attribute Length - Leave unchanged
      • Attribute required - Yes
      • Scope - Leave unchecked
    • Elafent Organisation Secret Key
      • Data type - string
      • Display name - Elafent Organisation Secret Key
      • Variable name - elaOrgSecretKey
      • Description - Secret Key of your organisation for Elafent's SSO workflow. Keep this key safe and do not share it with anyone.
      • Enum - Leave unchecked
      • Attribute Length - Leave unchanged
      • Attribute required - Yes
      • Scope - Leave unchecked
    • Elafent Group Id
      • Data type - string
      • Display name - Elafent Group Id
      • Variable name - elaGroupId
      • Description - ID of the group these users should belong to in the Elafent app
      • Enum - Leave unchecked
      • Attribute Length - Leave unchanged
      • Attribute required - Yes
      • Scope - Leave unchecked

Assigning Okta groups to the Elafent application

The user must have Administrator access for creating/managing Okta applications.

This assumes an Okta Group has been created for each Elafent Group the organisation wants users to be added to, e.g. one for Admins and another for Users.

Note: You can assign individual users to the application as well, but that will require configuration to be duplicated for each user and is not recommended.

The following outlines how to assign the Okta Group to the application -

  1. Hit the Admin button in the top right
  2. Go to Applications > Applications in the menu
  3. Find and select the Elafent application
  4. Go to the Assignments tab
  5. Hit Assign > Assign to Groups in the top left of the editor
  6. For each group that requires access to the app, hit Assign
  7. Hit Save and go back.

Once an Okta Group is assigned to the Elafent application, users may launch the App from Okta if provisioning has been enabled for the organisation in the Elafent app.

Users must launch the Elafent application from Okta the first time they access Elafent, but on subsequent attempts they may initiate the sign in process from Elafent. A user's username in Elafent is the email address in Okta, so users will need to enter their email in the Elafent Sign In screen and not their Okta username.