
Chord Platform and Okta SSO Integration


Welcome to the Chord Platform SSO integration guide. This guide explains how the Okta integration and the SSO flow work, then walks through the setup process step by step.

Architecture Diagram

Document image


User flow

  1. The user logs into IdP (e.g. Okta) dashboard and selects the Chord application.
  2. Okta servers request that the user authenticate the login.
  3. On success, the user is redirected to the data platform.
  4. The Chord data platform validates the session information from the IdP and logs the user in.

Sequence Diagram

Sequence Diagram


Setup Guide

Receive the two configuration settings from Chord

  1. ACS URL: XXXXXXXXX
  2. Audience URI: XXXXXXXXX

Create and configure a new Okta Application

  1. Log into okta.com and click Create App Integration in the Applications tab:

    Create Application
    
  2. Select SAML 2.0.
  3. In the General Settings form, enter "Chord Hub".
    • If integrating on the Chord data platform's staging instance, append " - Staging" to the name.
    • The icon below can be downloaded and uploaded for the Chord application:
    • Chord logo
      
  4. In the Configure SAML form, use these steps for the following fields:
    • Single sign-on URL: Enter the acs_url value from the Chord configuration.
    • "Use this for Recipient URL and Destination URL" should remain checked.
    • Audience URI (SP Entity ID): Enter the audience_uri value from the Chord configuration.
    • Default RelayState: This value can remain blank.
    • Name ID format: Select "EmailAddress".
    • Application username: Select "Email".
    • Attribute Statements: Create these two:
      • Name: firstName; Name format: Basic; Value: user.firstName
      • Name: lastName; Name format: Basic; Value: user.lastName
    • Configure SAML
      
  5. There may be a feedback form on the next step, which can be ignored. Then click "Finish".
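The fields in the Configure SAML form end up as specific elements of the SAML response that Okta posts to Chord. The following is an added example, not Chord's or Okta's code, that checks a response captured from your own test login against those settings; the URLs, user and sample XML are constructed placeholders, and `check_response` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed placeholders standing in for the two values received from Chord.
ACS_URL = "https://sp.example.test/saml/acs"
AUDIENCE_URI = "https://sp.example.test/saml/metadata"

# Constructed, unsigned sample; it deliberately omits the lastName attribute.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS_URL}">
 <a:Assertion>
  <a:Subject>
   <a:NameID Format="{EMAIL_FORMAT}">pat@example.test</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS_URL}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{AUDIENCE_URI}</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="firstName"><a:AttributeValue>Pat</a:AttributeValue></a:Attribute>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text, acs_url, audience_uri):
    """Return a list of mismatches between a SAML response and the Okta form settings."""
    # Signature and validity-window checks are out of scope here; this is a config check only.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != Single sign-on URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("Recipient != Single sign-on URL")
    audiences = [e.text.strip() for e in root.iterfind(".//a:Audience", NS) if e.text]
    if audience_uri not in audiences:
        problems.append("Audience URI (SP Entity ID) missing from AudienceRestriction")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EmailAddress")
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    for required in ("firstName", "lastName"):
        if required not in names:
            problems.append(f"Attribute Statement {required} missing")
    return problems

if __name__ == "__main__":
    for p in check_response(SAMPLE, ACS_URL, AUDIENCE_URI):
        print("MISMATCH:", p)
```

An empty list means the response matches the form settings; it says nothing about whether the response is authentic, which depends on verifying its signature against the X.509 certificate.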

View and send Chord your SAML setup instructions

1. Click the View SAML setup instructions button on the Sign On tab of your newly created Okta application:

View SAML setup instructions


2. Send Chord the following values from the setup instructions page:

  1. Identity Provider Single Sign-On URL
  2. Identity Provider Issuer
  3. X.509 Certificate (including the BEGIN_CERTIFICATE and END_CERTIFICATE lines)

Provision access to the Chord Application

On the Assignments tab under your application in Okta, assign the application to team members who should have access to it by clicking Assign:

Assignment button


Test SSO integration after confirmation from Chord

The Okta user dashboard should show the Chord Application. Please test the integration by clicking the application to sign in to Chord.