Chord Platform and Okta SSO Integration

welcome to the chord platform sso integration guide this will cover the basic understanding of the integration of okta and the sso flow and go through the setup process step by step architecture diagram user flow the user logs into idp (e g okta) dashboard and selects the chord application okta servers request that the user authenticate the login on success, the user is redirected to the data platform the chord data platform validates the session information from the idp and logs the user in sequence diagram sequence diagram setup guide receive the two configuration settings from chord acs url xxxxxxxxx audience uri xxxxxxxxx create and configure a new okta application log into okta com and click create app integration in the applications tab create applicaiton select saml 2 0 in the general settings form, enter "chord hub" if integrating on the chord data platform's staging instance, append" staging" to the name the icon below can be downloaded and uploaded for the chord application in the configure saml form, use these steps for the following fields single sign on url enter the acs url value from the chord configuration "use this for recipient url and destination url " should remain checked "use this for recipient url and destination url" should remain checked audience uri (sp entity id) enter the audience uri value from the chord configuration default relaystate this value can remain blank " name id format select ”emailaddress" "application username select “email" attribute statements create these two name firstname; name format basic; value user firstname name lastname; name format basic; value user lastname configure saml there may be a feedback form on the next step, which can be ignored then click "finish " view and send chord your saml setup setup instructions 1\ click the view saml setup instructions button on the sign on tab of your newly created okta application view saml setup instructions 2\ send chord the following values from the setup instructions page identity provider single sign on url identity provider issuer x 509 certificate (including the begin certificate and end certificate lines) provision access to the chord application on the assignments tab under your application in okta, assign the application to team members who should have access to it by clicking assign assignment button test sso integration after confirmation from chord the okta user dashboard should show the chord application please test the integration by clicking the application to sign in to chord