Single Sign-On
Enabling SSO with Okta
Enabling single sign-on requires you to enable SSL in Study Tracker.
Okta
Signing in with Okta requires the user to be registered in Study Tracker. If a user who does not already have an account tries to sign in to Study Tracker, the authentication will fail with a not-very-helpful message.
Create a Study Tracker application in Okta
Configure your application in the Okta portal. Be sure that you use SAML 2 and not OAuth. Using your Study Tracker host as a root URL, configure the Okta app to use the following endpoints for your Study Tracker instance:
Single Sign-On URL: /saml/SSO
Audience URI (SP Entity ID): /saml/metadata
So for example, if your Study Tracker app was being hosted at https://mystudytracker.com:8443, the SSO URL value would be https://mystudytracker.com:8443/saml/SSO. These URLs are case-sensitive.
Configuring Study Tracker for Okta SAML authentication
Add the following items to your application.properties file:
The sso.okta.url value refers to the URL that Okta generates and uses as the entry point to authentication for the application. This will be used to generate a link in the web application to allow users to trigger authentication with their Okta provider (as opposed to clicking the Study Tracker link on their Okta dashboard). The saml.idp and saml.metadata-url values refer to the Identity Provider Issuer and Identity Provider metadata URL values in the Okta app configuration, respectively. The saml.audience value should be configured as your application's host, with /saml/metadata appended to it.
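A pre-deployment check for the four properties described above, as an added example that is not part of the Study Tracker project. The function names are hypothetical and every value in the sample is a constructed placeholder; the check that the Okta-hosted URLs use https is an assumption.

```python
from urllib.parse import urlsplit

REQUIRED = ("sso.okta.url", "saml.idp", "saml.metadata-url", "saml.audience")

# Constructed sample; every value is a placeholder, not a real Okta tenant.
SAMPLE = """\
sso.okta.url=https://example.okta.com/home/PLACEHOLDER_APP/PLACEHOLDER_ID
saml.idp=http://www.okta.com/PLACEHOLDER_ISSUER
saml.metadata-url=https://example.okta.com/app/PLACEHOLDER_ID/sso/saml/metadata
saml.audience=https://mystudytracker.com:8443/saml/metadata
"""

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def okta_endpoints(host):
    """Values to enter in the Okta app for a Study Tracker root URL."""
    base = host.rstrip("/")
    return {"sso_url": base + "/saml/SSO", "audience_uri": base + "/saml/metadata"}

def check_saml_settings(props, host):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = [f"{key} is missing" for key in REQUIRED if not props.get(key)]
    if urlsplit(host).scheme != "https":
        problems.append("host is not https, but SSO requires SSL")
    expected = okta_endpoints(host)["audience_uri"]
    audience = props.get("saml.audience", "")
    if audience and audience != expected:
        # The endpoints are case-sensitive, so flag a case-only mismatch explicitly.
        hint = " (differs only in case)" if audience.lower() == expected.lower() else ""
        problems.append(f"saml.audience should be {expected}{hint}")
    # Assumption: the Okta-hosted URLs are served over https.
    for key in ("sso.okta.url", "saml.metadata-url"):
        if props.get(key) and urlsplit(props[key]).scheme != "https":
            problems.append(f"{key} is not an https URL")
    return problems

if __name__ == "__main__":
    print(check_saml_settings(parse_properties(SAMPLE), "https://mystudytracker.com:8443"))
```
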
Generate a JKS keystore and save it in the same directory that the study-tracker.war file is located. For example:
Add the keystore location, alias, and password to your application.properties file: