Skip to main content

Enhancing Security and User Experience with Okta SSO

  • Updated

What is Single Sign On and why is it required?

Meritto enables identity providers (IdPs) to verify user identities, ensuring a seamless and secure authentication process. The users can utilise their existing login credentials managed by IdPs such as Okta and Azure AD. This eliminates the need for users to remember multiple passwords, making the login process more seamless and efficient.

The standard users have the flexibility to configure and manage authentication settings for their Meritto account. In essence, SSO is a secure authentication mechanism that enables users to access multiple cloud applications with a single login through a centralised authentication system, known as an Identity Provider (IdP). The cloud applications that rely on IdP-verified authentication are referred to as Service Providers (SP).

 

How Single Sign-On (SSO) Works?

When you attempt to log in to Meritto portal, the SSO process follows these steps:

  1. Existing Session Check – If you have already logged in using SSO, the application grants you immediate access.This use case occurs when a user logs in through an identity provider like Okta. Upon requesting access to Meritto, the user is automatically authenticated and logged in via the Login via SSO CTA.
  2. Authentication Request – If you have not logged in, you are prompted to authenticate through a third-party identity provider (IdP) like Okta.In this scenario, the user must select the Login via SSO option on the login page to authenticate through their designated Identity Provider (IdP).
  3. Identity Verification – The IdP verifies your credentials, confirms that the requesting application is legitimate, and issues an authentication token.
  4. User Authentication – The application receives the token and grants you access based on the verified identity.
  5. Session Continuity – Once logged in, authentication data (in the form of cookies or tokens) is retained, allowing seamless navigation across different pages of the application without requiring repeated logins.

How to add Meritto as an application to Okta dashboard?

Step 1: Log into Okta as an Admin. 

Step 2: From the Admin Dashboard, click on ‘Applications.’

 

NOTE:

You can use the shortcuts to easily add (Add Application button) and assign (Assign Applications button) applications. 

 

 

Step 3: Under the Applications page, click on the ‘Add Application’ button. 

 


Step 4: Search for Meritto. Click on the ‘Add’ button.

Step 5: Enter the required information under General Settings, and then click Next.

Step 6: Click on “Sign On” to configure SSO




How to configure SSO for Meritto using Okta?

Great !!! Now that you understand how Single Sign-On (SSO) works, let's walk through the process of configuring SSO for your Meritto account.

Prerequisites:

  1. The institute should have configured the respective IDP like Okta 
  2. It is mandatory for the institute to have Single sing-on as a add-on feature while account on-boarding 
  3. Once the feature is added for the account, the user who would be configuring the SSO should have “Allow users to view/edit Single sign-on settings” permission enabled to configure the SSO successfully. 

Once all the above prerequisites are met, please follow the steps below to configure SSO for a standard user:

Step 1: Log in to your Meritto portal and click on the settings icon located at the top-right corner of your screen.

Step 2: In the left-side menu at the L1 level, search for "Security Settings." Once you navigate to Security Settings, locate the expandable section labelled "Login Method" at the L2 level. Expand this section to proceed further.




Step 3: When you select the SSO Login method, the following authentication options should be displayed:

  • Okta using SAML

Step 4: If the user selects the Okta using SAML method, a pop-up slider would appear displaying the following details:

  • Issuer ID / SP Entity ID - 
    • The Issuer ID is mandatory to configure your Okta. Please ensure that your Name ID format is set to Email Address.
    • This needs to be entered on IDP while setting up SAML settings 
  • SSO URL / Destination URL -
    • This needs to be entered on the IDP while setting up the SAML settings
    • Make sure you click on the check-box named - “Use this for recipient URL and Destination URL
  • Entity ID provided by the IdP -
    • This can be found in the view set-up instructions of the Okta
    • This further needs to be entered on Meritto while doing the SSO configuration
  • Single sign-on URL -
    • This can be found in the view set-up instructions of the Okta
    • This further needs to be entered on Meritto while doing the SSO configuration
  • Metadata URL - 
    • This needs to be entered on Meritto using the sign on details of the IDP
  • Logout URL -
    • Optional logout URL to which the users will be sent when they logout.
  • Signing certificate (X.509 Certificate) -
    • This can be found in the view set-up instructions of the Okta
    • This further needs to be entered on Meritto while doing the SSO configuration
  • SAML Single Logout - 
    • Enable this option if you would like to log out the session at the IdP side when the user logs out in Meritto.
  • SLO (Single Logout) URL 
    • The URL where the session logout response is sent on the IdP side when the user logs out from Meritto.
  • Identity Provider Single Logout URL -
    • This is an optional pre-filled field which is further used when you log out from your system and you want to log out from Meritto as well.

 

Step 5: Enter the required information in the designated fields. Once all fields are completed, click on "Configure SSO" to proceed.

 

NOTE:

Once all necessary information is provided and SSO is configured, the SSO Login toggle on the Login Methods page should be activated.

Congratulations !!! You have successfully configured SSO for your account.


How to configure users in SSO?

Now that you’ve learned how to configure SSO for your account, let’s proceed with setting up users for SSO.

While configuring users, it is essential to understand the bifurcation and criteria that determine how SSO can be applied to standard users. Let’s explore these aspects to gain a clear understanding of the configuration process.

1. Assign SSO to Individual Users: Here you would see a listing of all the users of your account including the Active and Inactive users. You can select the respective users in the [Included users] list and SSO will only work for those users. Save it to configure your users successfully.



Fantastic! Now that you have understood the bifurcation and criteria for applying SSO to standard users, let’s move forward.

NOTE:

  1. The configuration is only applicable to the users who are solely part of this account and not users who are in multiple accounts.
  2. The users enabled in this configuration will not be able to access Meritto's mobile application.
  3. Assigning users to the configured SSO is a mandatory step to configure SSO on Meritto without which your users won’ t be able to access Meritto using your SSO.

 

How to save the SSO configuration as a draft?

Step 1: Once you have filled in all the relevant fields while configuring SSO, clicking on the [Cancel] CTA should save all the entered details as a draft.

 

NOTE:

  1. The saved drafts should appear as a list under the [SSO Login] method option.

How to edit the SSO configuration ?

Users can edit the configuration after the draft has been successfully saved. Kindly follow the steps below to proceed.

Step 1: Log in to your Meritto portal and click on the settings icon located at the top-right corner of your screen.

Step 2: In the left-side menu at the L1 level, search for "Security Settings." Once you navigate to Security Settings, locate the expandable section labelled "Login Method" at the L2 level. Expand this section to proceed further.

Step 3: Once you expand the section, you will find your previously configured SSO saved as a draft. Click on the three-dot action button to open a dropdown menu.

Step 4: Click on the edit SSO icon. Once you are done making the necessary changes, click on Save




Congratulations !!! You have successfully saved the changes made in your SSO configuration.  





Comments

0 comments

Please sign in to leave a comment.