Table of contents
Integrating Okta with Fugo
Single Sign-On (SSO) enhances your organization's security by allowing employees to use one set of login credentials for multiple applications and services. For instance, if a new user joins or leaves your organization, you can simply enable or disable their access to Fugo directly from Okta.
The Okta Identity Cloud securely connects the right individuals to their technologies, reducing the number of login credentials your organization needs to manage. You can use Okta to log in to Fugo.
To get started, follow the steps below to configure SSO in both Fugo and Okta.
The configuration involves multiple steps: first, you need to create a Fugo app in Okta, and then configure the corresponding SSO settings in your Fugo account.
Create a Fugo app in Okta
💡 Note: We strongly advise that you configure this functionality in Incognito mode of your browser. This will allow you to keep the session in the regular window and turn off SSO authorization if something is configured improperly.
1. In your Okta account, go to your Admin page and choose Application from the Application list.
2. Click on Create App Integration and choose SAML 2.0 from the pop up selection.
3. Now you'll be prompted to complete a three-step form.
In step one you'll need to input the Fugo app name ("Fugo digital signage") and the logo as shown below 👇
4. In step two, you'll need start configuring SAML.
Enter a temporary placeholder URL in Single sign-on URL and Audience URI (SP Entity ID). We will update them at a later stage after generating them from your Fugo account.
Next, enter Default RelayState as https://fugo.ai/sso/
Scroll down and make sure that NameId format is set to EmailAddress
and that Application username format is set to Email
.
Input the rest of the fields as shown below 👇 and click Next.
You'll come back to the Configure SAML page again to complete the rest of the fields later.
⚠️ Email is the primary ID by which the user is recognized in Fugo and should not be updated on Okta's end unless you have SCIM enabled.
If you don't use SCIM but need to update your end user's addresses, please reach out to our support team at support@fugo.ai.
5. Select I'm an Okta customer adding an internal app and click Finish.
6. You'll be navigated to the Fugo digital signage app page.
Copy the metadata URL and generate an SAML Signing Certificate as shown below. You'll input this data in when configuring Okta SSO in Fugo in the next section.
Configure SSO in your Fugo account
1. Sign into Fugo and navigate to the Single Sign On tab of your Account page.
2. Choose SAML 2.0
3. Name your Identity Provider, something like Okta IDP
.
4. Input the Metadata Url from step 6 above under Login URL.
5. Input your organization domain under Domains and make sure it's correct.
6. When entering the certificate, open the okta.cert file that you downloaded in step 6 above and copy and paste it the Certificate box.
❗️Make sure to remove the begin
and end
lines before copy and pasting
-----BEGIN CERTIFICATE-----
----END CERTIFICATE-----
7. When done, click Save Settings. You'll now see the newly generated Redirect Url (ACS) and Entity Id.
Copy them down as you'll be inputting them into the Fugo app configuration in Okta in the next section.
Edit the Fugo app in Okta
1. Open the Fugo digital signage app from your Applications.
Navigate to the General tab start editing your SAML Settings.
2. Click Next to navigate to your Configure SAML settings again.
3. Copy and paste the Redirect URL and Entity Id from step 7 above into the Single sign-on URL and Audience URI (SP Enitty ID) fields, respectively.
Click Next and Finish to save the second stage of changes.
You'll come back to the Configure SAML settings shortly and configure its attributes, but first we need to add attribute mappers to the Fugo app in Okta.
User Provisioning
You can now assign Fugo Roles and Fugo Space memberships when adding users to your account from your IDP.
To invite new users, you simply need to make the Fugo app available for them from your IDP. When they sign in for the first time, they will be automatically added to your account with roles and space memberships as specified under your User Provisioning settings.
1. Go to the Profile Editor tab in your Directory and choose Fugo digital signage User.
2. Add the following attributes:
fugo_role
fugo_space
firstName
lastName
3. Click on Mapppings and then choose Okta User to Fugo digital signage.
From there, map your Okta user roles to the Fugo digital signage User profile:
user.firstName -> firstName
user.lastName -> lastName
4. Now head back to your Applications and choose Fugo digital signage again.
5. Here you can assign your Okta users to the Fugo digital signage app and set their corresponding Fugo role and space.
💡 Note: First Name and Last Name will be auto imported for you since we did the mapping earlier.
The fugo_role
attribute now requires a role name that matches the roles in your Fugo account. If the Fugo role name is not found, the new user will be assigned the default role.
Additionally, the fugo_space
attribute requires a Space name that matches an existing Space in your account. Otherwise, the user will be added to the root space.
❗️Make sure fugo_role and fugo_space roles exactly match the corresponding values in Fugo.
As a reminder, the default role is the admin role but it can be set to any other existing role in your account. You'll find those on the Roles tab of your Account page:
7. Head back to the Fugo app SAML Integration page as before and add these Atribute Statments exactly as shown below:
fugo_role -> appuser.fugo_role
fugo_space -> appuser.fugo_space
firstName -> user.firstName
lastName -> user.lastName
This will ensure that user roles are correctly mapped to Fugo. When done, click Next and then Finish to complete the configuration process.
How to sign into Fugo using SSO
Your Fugo users can sign into Fugo using the Sign in with Single Sign On link available on the login page:
Need more help?
If you need help at any time, you can always drop a message in our chat box or write to us at support@fugo.ai!