Open the web.config file and locate appSettings.
- Ensure UseSSO and UseSSL are set to the desired values.
- For appSettings, ensure SyncSSOUsers is set to True if the customer’s user store will require syncing from Okta.
- Users will also need to be synced the first time they log in.
- Ensure that SSODomain is set to the correct URI for the Okta account.
- SSOToken should be set to the same token noted in #48 above.
- Ensure PartnerIDP is set as noted in #40 above.
In the saml.config file, update the settings for ServiceProvider as follows:
- Name = Host name.
- Example: charles.appianlogistics.com
- Description = DRTrack.
- AssertionConsumerServiceUrl = ~/AssertionConsumer.aspx.
- LocalCertificateFile = sp.pfx file location.
- Example: Certificates\sp.pfx
- LocalCertificatePassword = Password chosen when creating the certificate files.
Update the settings for PartnerIdentityProvider as follows:
- Name = Value of Identity Provider Issuer*
- Description = Okta
- SignAuthnRequest = True
- WantSAMLResponseSigned = True
- SingleLogoutServiceBinding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
- SingleLogoutServiceUrl = Value of Identity Provider Single Logout URL*
- SingleSignOnServiceBinding = urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
- SingleSignOnServiceUrl = Value of Identity Provider Single Sign-On URL*
- PartnerCertificateFile = File location of idp.cer file
- Example: Certificates\idp.cer
* Note: Reference END OF LOGOUT SPECIFIC SETTINGS above
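A check for the saml.config values listed above, as an added example that is not part of the original procedure or of DRTrack's own tooling. It assumes the settings are stored as XML attributes on ServiceProvider and PartnerIdentityProvider elements; the root element name, the idp.example URLs and the sample file are constructed.

```python
import xml.etree.ElementTree as ET

POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Settings that must be present and non-empty in each section.
REQUIRED = {
    "ServiceProvider": ["Name", "AssertionConsumerServiceUrl",
                        "LocalCertificateFile", "LocalCertificatePassword"],
    "PartnerIdentityProvider": ["Name", "SingleLogoutServiceUrl",
                                "SingleSignOnServiceUrl", "PartnerCertificateFile"],
}
# Fixed values the steps above prescribe for PartnerIdentityProvider.
EXPECTED = {"SignAuthnRequest": "True", "WantSAMLResponseSigned": "True",
            "SingleLogoutServiceBinding": POST, "SingleSignOnServiceBinding": POST}

# Constructed sample: responses need not be signed and the IdP certificate is unset.
SAMPLE = r"""<SAMLConfiguration>
  <ServiceProvider Name="charles.appianlogistics.com" Description="DRTrack"
    AssertionConsumerServiceUrl="~/AssertionConsumer.aspx"
    LocalCertificateFile="Certificates\sp.pfx" LocalCertificatePassword="PLACEHOLDER"/>
  <PartnerIdentityProvider Name="https://idp.example/issuer" Description="Okta"
    SignAuthnRequest="True" WantSAMLResponseSigned="False"
    SingleLogoutServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    SingleLogoutServiceUrl="https://idp.example/slo"
    SingleSignOnServiceBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
    SingleSignOnServiceUrl="https://idp.example/sso"/>
</SAMLConfiguration>"""

def audit_saml_config(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    elements = {}
    for el in ET.fromstring(xml_text).iter():
        # Key by local name so a default xmlns on the root does not matter.
        elements.setdefault(el.tag.rsplit("}", 1)[-1], el)
    findings = []
    for section, required in REQUIRED.items():
        el = elements.get(section)
        if el is None:
            findings.append(f"{section}: element missing")
            continue
        for attr in required:
            if not el.get(attr, "").strip():
                findings.append(f"{section}.{attr}: missing or empty")
        for attr, want in (EXPECTED.items() if section == "PartnerIdentityProvider" else ()):
            got = el.get(attr, "").strip()
            # Booleans compare case-insensitively; binding URNs must match exactly.
            if got != want and not (want == "True" and got.lower() == "true"):
                findings.append(f"{section}.{attr}: is '{got}', expected '{want}'")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_saml_config(SAMPLE)) or "saml.config matches the documented values")
```

Run it against the deployed file by passing the file's text to `audit_saml_config`; a finding on WantSAMLResponseSigned or PartnerCertificateFile means responses from the identity provider would not be verified as configured above.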
In the web.config file, set the UseSSO appSetting to FALSE, then log in to DRTrack as an ADMIN.
- Navigate to (domain)Pages/LDAP/LDAPMapManager.aspx.
For each relevant User Group on the LDAP server, assign the proper permissions category (Roles and Branches) so that the users assigned to that group are granted access to the correct category during the sync process.
- Each DRTrack User Group (Name) is assigned a Sort Number.
- Each DRTrack User Group is then assigned to one LDAP Group on the LDAP server.
- Each LDAP Group is assigned the same name and Sort Number as its DRTrack User Group.
- DRTrack User Groups are sorted in order of precedence, from lowest number to the highest.
- Users can be assigned to more than one LDAP Group, but can only be assigned to one DRTrack User Group.
- If a user is assigned to more than one LDAP Group, they will be assigned to the DRTrack User Group that has the lowest number value.
- Example: If LDAP Group Branch-Las Vegas is assigned the number 100, then every user assigned to the DRTrack User Group Branch-Las Vegas 100 will be assigned to group 100 (Las Vegas).