Walkthrough: Setup OKTA SAML SSO with Appian
The purpose of this article is to outline step by step guide in setting up OKTA authentication with Appian.
Steps are as follows:
- Log into OKTA namespace
- Expand ‘Applications’, click on ‘Applications’ and click on ‘Create App Integration’
3. Select ‘SAML 2.0’
4. Give the App a name and click ‘Next’
5. Populate the Endpoints as follows:
SAML AssertionConsumer Endpoint: https://<appiansite>/suite/saml/AssertionConsumer
Service Provider Entity ID: https://centos7.support.com
6. Scroll Down and add Attributes as follows:
7. Validate the SAML Assertion by clicking on ‘Preview the SAML Assertion’
What should return is the metadata SAML Assertion Response which confirms there are no validation/syntax issues.
8. Click ‘Next’ and ‘Finished’
9. Click on ‘Assignments’ tab and add users to the application
10. Click on ‘Assign’ and select ‘Assign to People’ and assign an OKTA user.
11. After clicking ‘Save and Go Back’ click ‘Done’
12. Download the IdP Metadata XML file that needs to be imported into the Appian SAML configuration.
Click on ‘Sign On’ tab, scroll down to SAML Setup on the right and click on ‘View SAML setup instructions’
13. Once ‘How to Configure SAML 2.0 for AppianSAMLv2 Application’ is open scroll down to the bottom
14. Expand the box and copy the contents into notepad and save as *.xml
Appian SAML Configuration
15. Log into Appian and navigate to the Admin Console
16. Click on ‘SAML’ and ‘Add SAML Identity Provider’
17. Here is an example of a Appian SAML configuration
Note: Service Provider Entity ID must be the same as that on the IdP side (see point 5 above)
Note: Identity Provider Metadata is captured, saved as *.xml and imported here (see point 14 above)
With regards to the Service Provider Signing Certificate, create a certificate in PEM format.
Example using a Self Signed Certificate (for test purposes)
Import as per point 17 above.
Create an appian user that matches the OKTA user and add to the group e.g. OKTA group name. Then test the connection.