Salesforce

SSO configuration steps in Okta IdP

Printable View
« Go Back

Information

 
Answer
This supplementary document is to help you set up SSO for Tango portal with your Okta Identity Provider (IdP). You must first configure your IdP as an admin to create an entry for Tango portal Single Sign-On (SSO). Consult with your company’s IdP expert for the latest IdP configuration steps and instructions.
 
Note: This document is created in August 2024. We’re only providing a general guidance to get you started. For up-to-date procedure and screenshots, refer to the your IdP documentation.

 

Disclaimer: Tango has no affiliation with Okta. Tango makes no warranty of any kind, whether express or implied, with regard to any third party products, third party content, or third party services. Tango will not be liable for loss damage, cost or expense, whatsoever resulting from this guide. This guide is provided as a courtesy. To confirm accuracy or completeness of this guide, please consult with Okta directly.

 

Follow our procedure below:

Requirements

  • An IdP account with admin permissions

  • A Tango portal account with manage authentication permissions

 

OKTA OIDC SSO configuration steps

To set up SSO with Okta OIDC for the Tango platform, you need an administrator account access to your IdP provider. Log in to your IdP and create and entry for the new SSO. Find out Connection display name, Client ID, and OpenID Connection ID Token Issuer URL in your IdP before continuing in Tango portal.

To set up Okta OIDC:

  1. Log in to your Okta IdP with an admin account.

  2. Go to Applications and click Create App Integration.

okta1.png

  1. Select OIDC OpenID Connect and Web Application.
     

 

okta-new-application.png

  1. Click Next.

  2. Under General tab > General Settings:

    1. Enter a name in the App integration name field, such as “Tango OIDC”. You can use this name as Connection display name in Tango.
       

      okta3.png

       

    2. Select Implicit (Hybrid) for Grant type.

    3. For Controlled access, select everyone in your organization or limit users.

    4. Click Save.

  3. Under General tab > Client Credentials:

    Click to copy the Client ID value. You need it later to Add SSO connection in Tango portal.

    okta4.png

  4. Under Sign On tab:

    1. Click the drop-down menu next to Issuer and select the Okta URL link. You need to enter this link later in the OpenID Connection ID Token Issuer URL field when configuring Tango portal. The URL link will be automatically appended with the following extension as soon as you paste it in Tango portal: (/.well-known/openid-configuration). See how to Add SSO connection in Tango portal.

      okta5.png

    2. Click Save.

  5. Click Edit next to General settings > Login:

    1. For Sign-in redirect URIs, paste one of the following links based on your environment:

    2. Click Save.

  6. Follow the remaining steps in Tango portal. See how to Add SSO connection in Tango portal.

OKTA SAML SSO configuration steps

To set up SSO with Okta SAML for the Tango platform, you need an administrator account access to your IdP provider. Log in to your IdP and create and entry for the new SSO. Find out Connection display name, Entity ID, and Metadata URL in your IdP before continuing in Tango portal.

 

To set up Okta SAML SSO:

  1. Log in to Okta IdP with an admin account.

  2. Go to Applications > Create App Integration.
     

     

  3. Select SAML 2.0 and click Next.

  4. Under General tab > General Settings:

    Enter a value for the App name, such as “Tango SAML SSO”, and click Next.
     

    okta8.png

  5. For Sign-in redirect URIs, paste one of the following links based on your environment. Alternatively, this link is accessible through Tango portal’s Team settings > Authentication > SAML connection.

 

  1. Enter Tango entity ID. This name will also be used in Tango portal configuration under SAML > Entity ID.

  2. Create attributes by copying the following values from Tango portal and pasting them here in your IdP under Attribute Statements. See how to Add SSO connection in Tango portal:

    Tango attributes*

     

    Okta defaults

     

    given_name

    user.firstName

    family_name

    user.lastName

    email

    user.email

    username

    user.login

    email_verified

    true


    *For other IdPs, refer to the IdP documentation to find out their attribute names.

  3. Click Next and then Finish.

  4. Click the newly created application: 

    1. Under the Assignments tab, click Convert Assignments > Convert all assignments from the drop-down menu. 

    2. Select Groups or People to assign to this new SAML SSO connection, and click Done.

      okta10.png

    3. Click Sign On.

    4. Click Copy next to Metadata URL here and paste the link in SAML > Matadata URL in Tango portal. See how to Add SSO connection in Tango portal.

      okta11.png

     

  5. Continue the SSO configuration in Tango Portal. See Add SSO connection in Tango portal.

 

Add a tile in Okta for OIDC SSO connection

You can add a tile for the newly created Tango OIDC SSO connection to your Okta dashboard. To start, make sure you have enabled the SSO in Tango portal. Log in to your Okta IdP and follow the instructions below:

To add Tango SSO tile:

  1. Log in to Okta IdP using your admin account

  2. Select your Tango application OIDC on the list.

  3. Go to Applications > General Settings and click Edit.

  4. Enter a value for App integration name such as “Tango OIDC”.

  5. Select Login initiated by > Either Okta or App.

  6. Select Application visibility >Display application icon to users.

    image-20250129-213630.png 

  7. Under Initiate login URI, copy and paste the same link you have found under “Service provider URL” in Tango portal.
    To copy the Service provider URL:

    1. Sign in to the Tango portal.

    2. Go to Platform settings > SSO connections.

    3. Click your newly added SSO.

    4. Scroll down to copy the Service provider URL and click Save. See full instructions in Add SSO connection in Tango portal.

     

     

  8. Click Edit next to Federation Broker Mode and Disable it.

    image-20241024-014505.png 

  9. Click Save. 

  10. Click Edit Logo and upload Tango logo measuring 420 x 120 pixels.

  11. Click Save.
    Refresh your Okta dashboard under My Apps and see the newly created “Tango” tile. To test, click the tile to log you in to the Tango portal.


 

Add a tile in Okta for SAML SSO connection

You can add a tile for the newly created Tango SSO connection on your Okta dashboard. To start, make sure you have the administrator rights and have enabled SSO in Tango portal. Log in to your Okta IdP and follow the instructions below:

To add Tango SSO tile:

  1. Log in to Okta using your admin account.

  2. Click Okta apps > My end user dashboard on top of the page.

  3. Inside the dashboard, click Add apps on the left menu.

  4. Type and search for “Tango” in the Search box. Tango cannot be found but in the search screen that appears, click Add a bookmark instead.

  5. For App URL, copy the Service provider URL and click Save.
    To copy the Service provider URL:

    1. Sign in to the Tango portal. 

    2. Go to Platform settings > SSO connections.

    3. Click your newly added SSO.

    4. Copy Service provider URL and click Save. See full instructions in Add SSO connection in Tango portal.

  1. Enter an App name such as “Tango portal”.

  2. Click Save.
    Refresh your Okta dashboard under My Apps and see the newly created “Tango portal” tile. To test, click the tile to log you in to Tango portal.

 

More resources

 
TitleSSO configuration steps in Okta IdP
URL NameSSO-configuration-steps-in-Okta-IdP
Powered by