The single sign-on (SSO) capability in Device Magic allows you to leverage an identity provider like Okta to handle user authentication, user provisioning, and device provisioning for Device Magic.

To setup Okta for user provisioning, you will need to follow these steps:

1. From the Okta Admin console, create a new application integration

2. Select SAML 2.0

3. Provide an App name (and optionally a logo)

4. Set the General settings as follows:

5. Setup the Attribute Statements to provide the claims that will be sent to Device Magic for user, group, and role information. For each of these, the Name Format should be set to URI Reference. You can set the Value field to any data fields that you have configured in Okta:

6. Click Finish on the last page and then scroll to the bottom of the page to access the SAML Setup section and click on "View SAML setup instructions"

7. On this page you will find your X.509 certificate. Okta does not provide a certificate fingerprint, which is needed for configuring Device Magic, so you will need to use a certificate fingerprinting tool to get the SHA-1 fingerprint of the certificate such as https://www.samltool.com/fingerprint.php. Paste the X.509 certificate in the tool, select SHA-1, and generate a fingerprint. This value will be used along with the other values listed on the SAML setup instructions page to configure Device Magic. Make note of these settings for use later.

8. At this point you will want to ensure the users that you want to provide access to Device Magic are assigned to this application on the Assignments tab. It is also a good idea to ensure that the values you selected for the claims are also filed out in Okta for those users.

9. Now we will move on to the SAML configuration in Device Magic. Navigate to the Device Magic SAML page by clicking on Settings > Organization Settings and then clicking the SAML Settings link on the right hand of the page under Integrations.

10. On this page you are going to fill out the fields with the values from step 7 above (the values found in the Okta SAML setup instructions). Click Save and you can now test authentication through Okta.

The Sign-Out URL should be set to the following:

https://app.devicemagic.com/saml/idp_sign_out

With setup now complete, you can test your setup by logging out of Device Magic and then going to:

https://app.devicemagic.com/users/saml/start

This link can be accessed by clicking "Log in with SSO" from the login page.

If you have any questions or comments feel free to send us a message at support@devicemagic.com.

Did this answer your question?