In this article we will outline setting up Okta as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature. The Okta platform is an identity management system that combines single sign-on (SSO) with a cloud directory to help companies manage and secure user authentication into applications. It is one of the many SAML providers that Telnyx supports for our SSO feature.
NOTE: If you experience technical difficulties while attempting to set up your Okta SSO with Telnyx, it's possible your provider is experiencing outages/maintenance. You can check the status of Okta's features at https://status.okta.com/.
To begin, navigate to your Okta Admin panel. Click on Applications on the left-hand side and click the blue Browse App Catalog button.
Type "saml" into the App Integration search bar and choose "SAML Service Provider".
On the next screen, click on the blue "Add" button.
On the "Add SAML Service Provider" page, change the Application Label to whatever name you desire, and click "Next".
On the “Sign-On Options” page, select “SAML 2.0” (if not already selected) and set the “Default Relay State” to “https://portal.telnyx.com”. Click the blue View Setup Instructions button and retrieve your Identity Provider Entity Id on the opened tab.
We will use this IdP ID to form our "Identity Provider Metadata" link.
The link should follow this format: https://<okta-org>.okta.com/app/<okta-idp-id>/sso/saml/metadata
Next, navigate to your Organization section of the Telnyx Mission Control Portal and create an Organization if you have not already. Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.
You will be presented with the following fields:
Authentication Provider Name & Short Name: You can fill these with any values you desire, though please note that the Short Name will be part of the SSO URLs.
IdP Metadata URL: We will paste the Issuer URL we grabbed in the previous step here.
Once the information is entered correctly, click Import IdP Settings & Save.
NOTE: After saving, the IdP Entity ID field will be set to "not found" (this is an error in the Okta file), so we have to fill it in manually. Take the IdP Metadata URL, extract the <okta-idp-id> from it, and paste it into this field. Click Save Changes.
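The metadata link format and the manual IdP Entity ID step above, as an added example (not Telnyx's or Okta's code): a Python helper that builds the link and extracts the `<okta-idp-id>` back out of it, rejecting anything that is not an HTTPS URL on `<okta-org>.okta.com`. The function names, the allowed ID characters and the sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Host and path layout follow the link format given in this article.
# Assumption: the org lives directly under okta.com and the IdP ID uses
# only letters, digits, "_" and "-"; adjust if your tenant differs.
_HOST_RE = re.compile(r"(?P<org>[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\.okta\.com")
_PATH_RE = re.compile(r"/app/(?P<idp_id>[A-Za-z0-9_-]+)/sso/saml/metadata")


def parse_metadata_url(url: str) -> dict:
    """Validate an Okta metadata link and return its org and IdP ID."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        raise ValueError("metadata URL must use https")
    # Embedded credentials, odd ports, queries and fragments are not part
    # of the documented format, so treat them as a copy/paste error.
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("unexpected credentials or port in metadata URL")
    if parts.query or parts.fragment:
        raise ValueError("unexpected query or fragment in metadata URL")
    host = _HOST_RE.fullmatch((parts.hostname or "").lower())
    if host is None:
        raise ValueError("host is not <okta-org>.okta.com")
    path = _PATH_RE.fullmatch(parts.path)
    if path is None:
        raise ValueError("path is not /app/<okta-idp-id>/sso/saml/metadata")
    return {"okta_org": host.group("org"), "okta_idp_id": path.group("idp_id")}


def build_metadata_url(okta_org: str, okta_idp_id: str) -> str:
    """Form the Identity Provider Metadata link and re-validate it."""
    url = f"https://{okta_org}.okta.com/app/{okta_idp_id}/sso/saml/metadata"
    parse_metadata_url(url)  # raises ValueError on malformed inputs
    return url


if __name__ == "__main__":
    # Constructed sample values, not a real tenant or application ID.
    link = build_metadata_url("example", "exkCONSTRUCTED123")
    print(link)
    print("IdP Entity ID field:", parse_metadata_url(link)["okta_idp_id"])
```

Running the check before pasting the link into the IdP Metadata URL field catches a plain-HTTP or mistyped host early, since that URL decides which identity provider the portal will trust.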
After saving, scroll down to the “Authentication Provider Generated Config” section and take note of the values for Assertion Consumer Service URL and Service Provider Entity ID.
Head back to your Okta Admin page and fill in the Advanced Sign-On settings and Credential details.
Use the values generated for Assertion Consumer Service URL and Service Provider Entity ID on the Telnyx Mission Control Portal and paste into the corresponding fields.
Make sure you select “Email” for the Application username format. Click Save.
Once you are ready to enable the configs, on the Telnyx Mission Control Portal, click on “Enable Single Sign-On” and “Save Changes”.
Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to log in using username/password for the next 72 hours. After that, they will be required to use SSO.