Guide for Drupal Single Sign On (SSO) using Okta as Identity Provider (IdP)


Okta Single Sign On (SSO) For Drupal

miniOrange provides a ready-to-use solution for Drupal. This solution ensures that you are ready to roll out secure access to your Drupal site using Okta within minutes.

Step 1: Configuring Okta as Identity Provider (IdP)

  • Log into Okta Admin Console.
  • Select Classic UI from the dropdown at the top right.
  • Click on Add Applications.
  • Click on Create New App.
  • Click on SAML 2.0.
  • In General Settings, enter App Name and click on Next.
  • In SAML Settings, enter the following:
    Single Sign On URL: Enter the ACS (AssertionConsumerService) URL from the Service Provider Metadata tab of the module.
    Audience URI (SP Entity ID): Enter the SP Entity ID / Issuer from the Service Provider Metadata tab of the module.
    Default Relay State: Enter the Relay State from the Service Provider Metadata tab of the module.
    Name ID Format: Select E-Mail Address as the Name ID from the dropdown list.
    Application Username: Okta username.
  • Configure Attribute Statements and Group Attribute Statement (Optional).

Step 2: Assigning Groups/People

  • After creating and configuring the app, go to the Assignment tab in Okta.
  • Select the people and groups you want to allow to log in through this app, and assign the app to them.
  • After assigning the people/groups to your app, go to the Sign On tab.
  • Click on View Setup Instructions to get the SAML Login URL (Single Sign-On URL), Single Logout URL, IdP Entity ID and X.509 Certificate.

Step 3: Configuring Drupal as Service Provider (SP)

  • In the miniOrange SAML module, go to the Service Provider Setup tab. There are two ways to configure the module:
    • By uploading the Okta metadata file:
      • Click on Upload IDP Metadata.
      • Upload the metadata file and click on Upload.
    • Manual configuration:
      • Provide the required settings (i.e. Identity Provider Name, IdP Entity ID or Issuer, SAML Login URL, X.509 Certificate) and save them.
        Identity Provider Name: For example, Miniorange
        IdP Entity ID or Issuer: Identity Provider Issuer from Okta Setup Instructions
        SAML Login URL: Identity Provider Single Sign-On URL from Okta Setup Instructions
        X.509 Certificate: X.509 Certificate from Okta Setup Instructions

Step 4: Attribute Mapping (It is Optional to fill this.) This is a Premium feature.

  • Attributes are user details that are stored in your Identity Provider.
  • Attribute Mapping helps you to get user attributes from your IdP and map them to Drupal user attributes like firstname, lastname etc.
  • While auto-registering users in your Drupal site, these attributes will automatically get mapped to your Drupal user details.
  • In the miniOrange SAML module, go to the Mapping tab and fill in all the fields.
    Username: Name of the username attribute from IdP (Keep NameID by default)
    Email: Name of the email attribute from IdP (Keep NameID by default)
    Group/Role Key: Name of the Role attribute from IdP
  • You can check the Test Configuration Results under Service Provider Setup tab to get a better idea of which values to map here.

Step 5: Role mapping. (It is Optional to fill this.) This is a Premium feature.

  • Drupal uses a concept of Roles, designed to give the site owner the ability to control what users can and cannot do within the site.
  • Role mapping helps you to assign specific roles to users of a certain group in your IdP.
  • While auto registering, the users are assigned roles based on the group they are mapped to.

Step 6: Sign In Setting. This is a Premium feature.

  • Go to the SIGNIN Settings tab. There are multiple features available in this tab, like Protect your whole site, Auto redirect the user to Identity Provider, auto-create user and Backdoor Login. To use these features, click on the respective checkboxes.


If you don't find what you are looking for, please contact us at info@xecurify.com or call us at +1 978 658 9387.