Development Guides

SAML setup OKTA

Purpose: Assistance with creating an Orion SSO app in Okta.

Simple Use Case: Your firm would like to leverage Okta SSO capabilities, and you want a SAML SSO into Orion.

Scope and Outputs: This covers the out-of-the-box Okta solution for a SAML SSO into Orion.

Process Overview:

In Okta, as an Admin, you will add an app. This will be a SAML 2.0 setup, and you’ll enter the appropriate data for your firm. You’ll need to request a partner ID from Orion as well as provide us with your certificate and issuer/entity ID.

Process Steps:

  • Submit a case to SME Integrations via the Orion Support App to request a Partner ID and Secret; you’ll need the Partner ID for the setup. Please allow 1-2 business days turnaround.
  • Submit a case to SME Integrations via the Orion Support App with your certificate and issuer, or your metadata, to be installed in Orion. Please allow 2-4 weeks turnaround.
  • Set up SAML Configuration
    • Single Sign-On URL: https://auth.orionadvisor.com/sso/SAMLConsumer/
    • Audience URI: Firm URI (Issuer)
    • Application username: Update accordingly if the default does not match the Orion username, as these values must match.
  • Add Attributes. ** Please note the attributes are case sensitive and must be exactly as typed below.
    • authFlow = Trusted
    • partnerId = Orion provided partner ID from above
  • Click Advanced Settings
    • Leave Response and Assertion Signature as Signed.
    • Add certificate under Signature Certificate.
  • Once all steps are completed you may select “Preview SAML Assertion” and select Next.
  • Test your newly created app. Be sure your user in Orion matches the user data you have in Okta.
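
Before testing, a structural check of the previewed response catches the common slips in the steps above: wrong ACS URL, audience not matching the firm issuer, an unsigned Response or Assertion, and mis-cased attribute names. The script below is an added example, not part of the Orion guide or any Orion or Okta tooling; the sample response, the audience value and the partner ID placeholder are constructed, and the empty Signature elements stand in for real signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion", "ds": "http://www.w3.org/2000/09/xmldsig#"}
ACS_URL = "https://auth.orionadvisor.com/sso/SAMLConsumer/"
# Attribute names (and the authFlow value) must match exactly; they are case sensitive.
REQUIRED_ATTRS = {"authFlow": "Trusted", "partnerId": None}  # None = any value, but must be present


def check_preview(xml_text, expected_audience):
    """Return a list of problems in a previewed SAML Response (empty list = looks right).
    Structural checks only: it does not verify that the signatures are cryptographically valid."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination is {root.get('Destination')!r}, expected {ACS_URL!r}")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element in the Response"]
    # Advanced Settings: Response and Assertion are both left as Signed, so both carry a Signature.
    for label, el in (("Response", root), ("Assertion", assertion)):
        if el.find("ds:Signature", NS) is None:
            problems.append(f"{label} is not signed")
    aud = assertion.find("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)
    aud_text = None if aud is None else aud.text
    if aud_text != expected_audience:
        problems.append(f"Audience is {aud_text!r}, expected {expected_audience!r}")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for name, want in REQUIRED_ATTRS.items():
        if name not in attrs:
            near = [n for n in attrs if n.lower() == name.lower()]
            hint = f" (found {near[0]!r}; names are case sensitive)" if near else ""
            problems.append(f"missing attribute {name!r}{hint}")
        elif want is not None and attrs[name] != [want]:
            problems.append(f"{name} is {attrs[name]!r}, expected [{want!r}]")
    return problems


# Constructed sample preview with one deliberate mistake: "AuthFlow" (wrong case) instead of
# "authFlow". The audience and partner ID are placeholders, not real values.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
 Destination="https://auth.orionadvisor.com/sso/SAMLConsumer/"><ds:Signature/>
 <saml:Assertion><ds:Signature/><saml:Conditions><saml:AudienceRestriction>
 <saml:Audience>https://idp.example-firm.test</saml:Audience></saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="AuthFlow"><saml:AttributeValue>Trusted</saml:AttributeValue>
 </saml:Attribute><saml:Attribute Name="partnerId"><saml:AttributeValue>PARTNER-ID-PLACEHOLDER</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement></saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_preview(SAMPLE, "https://idp.example-firm.test"))
```

Running it on the sample reports only the mis-cased attribute; fix the case and the list comes back empty.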

Process Visualization:

Leave Default Relay State, Name ID Format, Application Username, and Update Application Username On at their default values.

Process Tips or Controls:

  1. We do offer the authFlow of “TrustedPrompt” as well; however, “Trusted” is best practice.
  2. Be sure the partnerId and authFlow attribute names, and the authFlow value (above), are spelled as listed, as they are case sensitive.