This article is intended to help you set up your Okta console with Nucleus SSO.
Note: You will need to contact your Nucleus support representative in order to get the urls needed to go through this setup.
To set up Okta SSO with Nucleus:
1. In a browser window, log into your Okta console.
2. Click Admin to go to the Administrator console
3. In this console, navigate to Applications > Applications
4. Click on the green Create New App button
5. In the dialog that opens, select the "SAML 2.0" option, then click the green "Create" button
6. In Step 1 "General Settings", enter name of the Nucleus application (EX: Nucleus) in the "App name" field, then click the green Next button.
7. On this page (SAML Settings), enter the following information:
- Single sign on URL: Use the URL given to you by your Nucleus support representative
- Audience URI (SP Entity ID)
- Name ID Format: Make sure this is set to EmailAddress
- Application Username: Make sure this is set to Okta username
8. Scroll down to Attribute Statements (Optional) and enter the following information:
- email: user.email
- firstname: user.firstName
- lastname: user.lastName
It should look like this:
9. Scroll down even further to the Group Attribute Statements (Optional). Enter in any group attributes you want to pass with the SAML request.
10. Scroll back up to the top, and then click the Download Okta Certificate on the righthand side of the screen. Save this, as you will need to send this over to your Nucleus support rep later.
11. Scroll down to the bottom of the screen and click the green Next button.
12. Click Save again if you need to.
13. You should now be taken to the Sign On page for the new SSO app you just created. Click on the View Setup Instructions link in the middle of the screen.
14. Scroll down to the bottom of the new screen to the Optional Section. Copy the content in the box and send it over to your Nucleus support representative.
Note: you can do this a few different ways. Paste the contents into a txt document or word document. Paste contents directly into an email to your Nucleus support rep, or save as xml file.
15. Send over the xml document you just saved to your Nucleus support representative
You're all done! Now you just need to add whatever users you would like to access Nucleus through your Okta SSO console. Your Nucleus support rep will reach out when SSO has been enabled on the Nucleus side, but it generally takes less than 24 hours until you are up and running.