Okta offers implementation of Security Assertion Markup Language (SAML) for your network. SAML is the most-used security language that has come to define the relationship between identity providers and service providers. An open-source XML tool, SAML is an absolute must for anyone needing reliable access to secure domains, as it eliminates the need for passwords and uses digital signatures instead. With SAML, there’s reduced risk of phishing and identity theft for service providers, since they don’t have to store log-in credentials for individuals, making damaging data.
In this article we will outline setting up Okta as a SAML Identity Provider so that we can utilize Telnyx's Single Sign-On feature. The Okta platform is an identity management system that uses single sign-on (SSO) and a cloud directory that helps companies manage and secure user authentication into applications. It is one of the many SAML providers that Telnyx supports for our SSO feature.
Additional resources:
Instructions for setting up Okta SAML Identity Provider with your Telnyx account
In this activity you will:
Create an SSO app on Okta
Pre-requisites:
Ensure that your Telnyx Mission Control Portal is configured properly
RECOMMENDED: Enable TLS to encrypt your traffic
Create an Organization in the Organization section of the Telnyx Mission Control Portal and make sure you record the Assertion Consumer Service URL
Video Walkthrough
Setting up your Telnyx SIP portal account so you can make and receive calls:
Note: Video walkthrough for Okta/Telnyx configuration coming soon. Check back as we update our docs.
1. Create an SSO app on Okta
In this section, you will create an SSO app on Okta that you'll use to configure SSO authentication through Telnyx.
   1. Log into your Okta Admin panel.
   2. Click on Applications in the left-hand navigation and click the blue Browse App Catalog button.
   3. Use the App Integration search bar to search for SAML and choose SAML Service Provider from the search results.
   4. On the next screen, click on the blue Add button.
   5. On the Add SAML Service Provider page, change the Application Label to whatever name you desire.
   6. Click Next.
   7. On the Sign-On Options page, select SAML 2.0 (This may be selected already).
   8. Set the Default Relay State to “https://portal.telnyx.com”.
   9. Click the blue View Setup Instructions button and retrieve your Identity Provider Entity Id on the opened tab. Take note of this, because you'll need it soon. This will be used to create our Identity Provider Metadata link.
      This link should resemble this format: https://<okta-org>.okta.com/app/<okta-idp-id>/sso/saml/metadata
      You can also find this link by copying the link for "Identity Provider metadata".
2. Obtain Organization configuration details from Telnyx
In this section, you'll log into your Telnyx portal and get the necessary configuration details to finish setting up your Okta SSO app.
   1. Log into your Telnyx Mission Control Portal.
   2. If you did not complete this step as part of your pre-requisite activities, navigate to your Organization section of the Telnyx Mission Control Portal to create an Organization.
   3. Once created, navigate to the Single Sign-On section of the portal and click the green Enable Single Sign-On button.
   4. You will be presented with the following fields:
      - Authentication Provider name and Short Name: Enter the values that make sense for you here. Please note that the Short Name will be part of the SSO URLs.
      - IdP Metadata URL: Paste the Identity Provider Entity ID you obtained in step 9 of section 1.
   5. Click Import IdP Settings & Save.
      NOTE: After saving, the IdP Entity ID field will be set to "not found" (this is an error on the Okta file), so we have to fill it manually. Take the IdP Metadata URL and extract the <okta-idp-id> from it, and paste it in this field.
   6. Click Save Changes.
   7. Scroll down to the Authentication Provider Generated Config section and take note of the values for the following, as you'll need them soon:
3. Add your Telnyx Organization details to your Okta SSO app
In this final section, you'll return to Okta and provide the information you obtained from Telnyx in step 7 of section 2.
   1. Head back to your Okta Admin page and fill in the Advanced Sign-On settings and Credential details.
   2. Use the values generated for Assertion Consumer Service URL and Service Provider Entity ID on the Telnyx Mission Control Portal (step 7, section 2) and paste into the corresponding fields.
   3. In the Application username format field select Email.
   4. Click Save.
   5. Once you are ready to enable the configs, return to your Telnyx Mission Control Portal and select Enable Single Sign-On.
   6. Click Save Changes.
Your chosen settings are now in effect! This will send all users in your organization an email informing them that SSO is now enabled. Your users will still be able to login using username/password for the next 72 hours. After that, they will be required to use SSO.
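For the NOTE in section 2 about filling in the IdP Entity ID by hand, the following added example (not Telnyx or Okta code) checks that a metadata URL matches the format shown in section 1 and extracts the <okta-idp-id> from it. The function name, the allowed ID characters, the `.okta.com` host check and the sample URLs are assumptions made for this illustration.

```python
import re
from urllib.parse import urlsplit

# URL shape taken from the article:
#   https://<okta-org>.okta.com/app/<okta-idp-id>/sso/saml/metadata
# The character set allowed for the ID is an assumption of this example.
PATH_RE = re.compile(r"/app/([A-Za-z0-9_-]+)/sso/saml/metadata/?")
# Exactly one org label in front of okta.com, as in the article's format.
HOST_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.okta\.com")


class MetadataUrlError(ValueError):
    """The URL does not match the expected IdP metadata format."""


def extract_okta_idp_id(metadata_url: str) -> str:
    """Return <okta-idp-id> from an IdP metadata URL, or raise."""
    parts = urlsplit(metadata_url.strip())
    # The metadata carries the IdP signing certificate, so refuse to
    # work with a link that is not served over TLS.
    if parts.scheme != "https":
        raise MetadataUrlError("metadata URL must use https")
    # Reject userinfo and odd ports: "https://org.okta.com@other.host/..."
    # displays an Okta name but points at a different host.
    if parts.username or parts.password or parts.port not in (None, 443):
        raise MetadataUrlError("unexpected credentials or port in URL")
    host = (parts.hostname or "").lower()
    if not HOST_RE.fullmatch(host):
        raise MetadataUrlError(f"unexpected host: {host!r}")
    if parts.query or parts.fragment:
        raise MetadataUrlError("unexpected query string or fragment")
    match = PATH_RE.fullmatch(parts.path)
    if match is None:
        raise MetadataUrlError(f"unexpected path: {parts.path!r}")
    return match.group(1)


if __name__ == "__main__":
    # Constructed sample value, not a real Okta organization or app.
    sample = "https://example-org.okta.com/app/exkCONSTRUCTED0001/sso/saml/metadata"
    print(extract_okta_idp_id(sample))
```

Paste the returned value into the IdP Entity ID field, then click Save Changes as described in section 2.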
Troubleshooting
Q. I'm experiencing difficulty with this configuration!
A. If you experience technical difficulties while attempting to set up your Okta SSO with Telnyx, it's possible your provider is experiencing outages/maintenance. You can check the status of Okta's features at https://status.okta.com/.
Additional Resources
Review our getting started guide to make sure your Telnyx Mission Control Portal account is set up correctly!