You can use Okta as your identity provider to authenticate users to MadKudu. MadKudu supports SAML SSO initiated by both Okta (identity provider) and MadKudu (service provider).
Prerequisites
You have a MadKudu account with Admin permissions
You have your MadKudu tenant number
Your company has an existing Okta account to set up SAML SSO
You have Admin permissions for your company's Okta account
Overview
Single sign-on allows you to log in to your company's MadKudu account using your Okta company credentials. A connection is made between Okta, the identity provider (idP), and MadKudu, the service provider (SP), to allow users to directly connect to their MadKudu account.
Once you configured your company Okta account with MadKudu, you can follow these instructions to manage users.
1. Add the MadKudu custom app to Okta
In the Okta console, go to Applications.
Click Create App Application.
Select SAML 2.0 and click Next
.png?sv=2022-11-02&spr=https&st=2024-12-22T13%3A11%3A18Z&se=2024-12-22T13%3A23%3A18Z&sr=c&sp=r&sig=p%2F52iRs8bOZU9unoGVklnq%2FyS%2BqnrWHOZdvZ%2B8L98R8%3D "image(183).png")
This will take you to the General Settings page.
App Name: MadKudu
App logo: Grab the one from our website in google images
.png?sv=2022-11-02&spr=https&st=2024-12-22T13%3A11%3A18Z&se=2024-12-22T13%3A23%3A18Z&sr=c&sp=r&sig=p%2F52iRs8bOZU9unoGVklnq%2FyS%2BqnrWHOZdvZ%2B8L98R8%3D "image(184).png")
App visibility: unchecked
Click Next. This will take you to the Configure SAML page.
Single sign-on URL: https://bongo.madkudu.com/v1/login/saml/XXXX, where XXXX is your tenant number. When you connect to app.madkudu.com you can see the tenant number in the URL
.png?sv=2022-11-02&spr=https&st=2024-12-22T13%3A11%3A18Z&se=2024-12-22T13%3A23%3A18Z&sr=c&sp=r&sig=p%2F52iRs8bOZU9unoGVklnq%2FyS%2BqnrWHOZdvZ%2B8L98R8%3D "image(185).png")
Check Use this for Recipient URL and Destination URL
Audience URI (SP Entity ID): https://bongo.madkudu.com/v1/login/saml/XXXX, where XXXX is your tenant number which can be provided to you by our support team if you submit a support ticket.
Default RelayState: Leave blank.
Name ID Format: Select EmailAddress.
Application username: Select Okta username.
Click Show Advanced Settings.
.png?sv=2022-11-02&spr=https&st=2024-12-22T13%3A11%3A18Z&se=2024-12-22T13%3A23%3A18Z&sr=c&sp=r&sig=p%2F52iRs8bOZU9unoGVklnq%2FyS%2BqnrWHOZdvZ%2B8L98R8%3D "image(187).png")
Response: Choose Signed.
Assertion Signature: Choose Unsigned.
Signature Algorithm: Choose RSA-SHA256.
Digest Algorithm: Choose SHA256.
Assertion Encryption: Leave as Unencrypted.
Signature Certificate: Download the certificate and upload it:
If you are unable to download the certificate, copy paste the text below in a text or code editor and "Save as" with a .pem extension:-----BEGIN CERTIFICATE----- MIIEBDCCAuygAwIBAgIUewpr2QmqAeKzZfYm/M1opYe+IcYwDQYJKoZIhvcNAQEL BQAwGjELMAkGA1UEBhMCRlIxCzAJBgNVBAMMAkNBMB4XDTI0MTEwNTEyNDYxNFoX DTI3MTEwNTEyNDYxNFowGjELMAkGA1UEBhMCRlIxCzAJBgNVBAMMAkNBMIICIjAN BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAx9/B8s8rLqIl1zRHIwW30JsQ0GPs hzlrSpmcocPxODmHtyeBbloz4jpxmZNV/NSalFV45lqtd0a9VuGgoZB85yoH739f gVCsYLSgYc27GzIJZZNu488EebaIR8mVxaaArPW5L9QuUQuqP87T7uPuPt4xXwaR Hk4rSshPorEl3lp5PyueqSKWecLp+rAgDdIn2SlvZm+FR9kF/Iodml6CNq7nD+dP FAYPKRGRJI8ZOMaVKBDBAh/oG6sXzA96JHSQbkEpK2YtiPskh8ePeRjHt91uFKdN T2S/qFst6AHkQsR/Cpv5XsTggLOQCcDrpevbjgaBDUeV1uyy9DzK6a+5LBaC2cxt eCNBWXn+pUSOboL3Jo4j4ILk62tcBMVZE+CLpvz92mQ/oMaIA2BRW9A3mG3d6mu7 p5kk+O92KBZLX9Xf64cEpP4AEcWQuuaeOizIf4aXFjXB32JC+Dgo9XZS84p+whBJ Yz5S9udBDf9hQmBinJwJy0XR5PJLFSAf6TwocgTFDQt5/6GNKVKkHCTIjURtRztu j6x2sXQ6iItjUEqLkGpzFnmlogaLFgTmOJ+Zv2IgrvUyoAcEgC3TA9RveCXDQoPr P29qWFLHYQyJs8A4hCtCFyHW4IXu1pAFsKCrcEJoM/sI0Hr+K6mg6fV4iP4IUnsw 0XgYuPzrpfeF9yECAwEAAaNCMEAwHQYDVR0OBBYEFCEHOnw0z/kWnJv1IffTbWLM B/AAMB8GA1UdIwQYMBaAFDKxAqjS6RbEUSYdj3I5TIctJc62MA0GCSqGSIb3DQEB CwUAA4IBAQBsfjFO/gqhuusdphkxtXxvZYXgUFRFZ8KeDoFd0nkM2JbefonpBGTS RHkOWZSn3tRhcJHTaRmnmoXyLxo3rflH73B8fkmCL51ON7ZbusGO94ph2uobI4mP DQGQsUo8TUP46DQrSxiwK1e6ENXqCJn2mo4MsuM6ooimdx+JmVd3NcFlV/Y0p7Nh pw46Le9JREQjIW6XnLOeHBzzg3FKOCyUgAboaAwRUC69Qpm3NhZQtBnvWOALHnXp zT+PaEpIrwNIhaB7EoqMFIOdPSP6xU9ToeXmasvFEKIVtdDwUtAfA6fWnc7ygpmB leKuK5z6Z4Um+vNyMwryedON6nEhewXH -----END CERTIFICATE-----Enable Single Logout: Leave unchecked.
Signed Requests: check
Authentication context class: Choose PasswordProtectedTransport.
Honor Force Authentication: Choose Yes.
SAML Issuer ID: Leave blank.
No need to configure the attribute and group attribute statements
.png?sv=2022-11-02&spr=https&st=2024-12-22T13%3A11%3A18Z&se=2024-12-22T13%3A23%3A18Z&sr=c&sp=r&sig=p%2F52iRs8bOZU9unoGVklnq%2FyS%2BqnrWHOZdvZ%2B8L98R8%3D "image(188).png")
Preview the SAML Assertion: You can click to preview the SAML assertion.
Click Next.
This will take you to the Okta feedback page. Enter your feedback if desired and click Next.
2. Set up Okta in the MadKudu app
Now that you have set up MadKudu in Okta, you will need to set up Okta in MadKudu for the two applications to create a trusted relationship with each other to allow communication.
You will need to provide MadKudu the Okta's Identity Provider URL automatically generated in Okta following these instructions.
In Okta
In Okta Console, go to Applications.
Click on the MadKudu app you have just created.
Click the Sign On tab.
Click View Setup Instructions to review Okta setup instructions to configure SAML 2.0 for MadKudu.
Keep this page open, you'll need to copy the URLs and certificate and paste them in MadKudu App.
In MadKudu
Open a new page to go to MadKudu App (app.madkudu.com),
Go to Settings
Click on the Authentication tab
Select Okta in the Enforce SSO picklist
Paste in the form the
Identity Provider Single Sign-On URL
Identity Provider Issuer
X.509 Certificate
Click Save
Nice! Now MadKudu will be able to recognize your Okta account.
Now you need to assign users to the MadKudu app both in Okta and in MadKudu. Please follow both steps here