You can use Okta as your identity provider to authenticate users to MadKudu. MadKudu supports SAML SSO initiated by both Okta (identity provider) and MadKudu (service provider).
Prerequisites
You have a MadKudu account with Admin permissions
You have your MadKudu tenant number
Your company has an existing Okta account to set up SAML SSO
You have Admin permissions for your company's Okta account
Overview
Single sign-on allows you to log in to your company's MadKudu account using your Okta company credentials. A connection is made between Okta, the identity provider (idP), and MadKudu, the service provider (SP), to allow users to directly connect to their MadKudu account.
Once you configured your company Okta account with MadKudu, you can follow these instructions to manage users.
1. Add the MadKudu custom app to Okta
In the Okta console, go to Applications.
Click Create App Application.
Select SAML 2.0 and click Next
This will take you to the General Settings page.
App Name: MadKudu
App logo: Grab the one from our website in google images
App visibility: unchecked
Click Next. This will take you to the Configure SAML page.
Single sign-on URL: https://bongo.madkudu.com/v1/login/saml/XXXX, where XXXX is your tenant number. When you connect to app.madkudu.com you can see the tenant number in the URL
Check Use this for Recipient URL and Destination URL
Audience URI (SP Entity ID): https://bongo.madkudu.com/v1/login/saml/XXXX, where XXXX is your tenant number which can be provided to you by our support team if you submit a support ticket.
Default RelayState: Leave blank.
Name ID Format: Select EmailAddress.
Application username: Select Okta username.
Click Show Advanced Settings.
Response: Choose Signed.
Assertion Signature: Choose Unsigned.
Signature Algorithm: Choose RSA-SHA256.
Digest Algorithm: Choose SHA256.
Assertion Encryption: Leave as Unencrypted.
Signature Certificate: Download the certificate and upload it:
If you are unable to download the certificate, copy paste the text below in a text or code editor and "Save as" with a .pem extension:Enable Single Logout: Leave unchecked.
Signed Requests: check
Authentication context class: Choose PasswordProtectedTransport.
Honor Force Authentication: Choose Yes.
SAML Issuer ID: Leave blank.
No need to configure the attribute and group attribute statements
Preview the SAML Assertion: You can click to preview the SAML assertion.
Click Next.
This will take you to the Okta feedback page. Enter your feedback if desired and click Next.
2. Set up Okta in the MadKudu app
Now that you have set up MadKudu in Okta, you will need to set up Okta in MadKudu for the two applications to create a trusted relationship with each other to allow communication.
You will need to provide MadKudu the Okta's Identity Provider URL automatically generated in Okta following these instructions.
In Okta
In Okta Console, go to Applications.
Click on the MadKudu app you have just created.
Click the Sign On tab.
Click View Setup Instructions to review Okta setup instructions to configure SAML 2.0 for MadKudu.
Keep this page open, you'll need to copy the URLs and certificate and paste them in MadKudu App.
In MadKudu
Open a new page to go to MadKudu App (app.madkudu.com),
Go to Settings
Click on the Authentication tab
Select Okta in the Enforce SSO picklist
Paste in the form the
Identity Provider Single Sign-On URL
Identity Provider Issuer
X.509 Certificate
Click Save
Nice! Now MadKudu will be able to recognize your Okta account.
Now you need to assign users to the MadKudu app both in Okta and in MadKudu. Please follow both steps here