Configuring SAML SSO to Nametag with Okta

This guide will walk you through the steps to configure SAML SSO to Nametag with Okta.

Prerequisites

In order to configure Nametag for single sign on with Okta, you must have:

An Okta account and be an administrator.
A Nametag organization and an account with the Owner role.

Initial Setup

In Okta, navigate to the Applications tab and click Create App Integration.

Choose SAML 2.0 and click Next.

Enter Nametag for App name and download the Nametag logo from https://nametag.co/logos/console.png and upload it to Okta.

Click next to move to the Configure SAML tab.

Gathering information from Nametag

In Nametag, click Configure, then Organization and choose Sign in with SAML SSO.

Copy the following values from Nametag to the Okta console:

Copy Nametag’s sign in URL and paste it into the Single sign-on URL field in Okta.
Copy the value for Nametag’s Entity ID and paste it into the Audience URI field in Okta.

Configuring Okta

In the Okta Configure SAML tab, select the following:

Leave Default RelayState blank.
Select EmailAddress for the Name ID Format.
Select Email for the Application username.
(Optional) In Attribute Statements, add the following:

Name Name Format Value

firstName Basic user.firstName

lastName Basic user.lastName
In Group Attribute Statements section, click Add Another and enter the following values:

Name Name Format Value

group Basic starts with Nametag

Name	Name Format	Value
`firstName`	Basic	`user.firstName`
`lastName`	Basic	`user.lastName`

Name	Name Format	Value
`group`	Basic	starts with `Nametag`

Tap Next to move to the Feedback tab. Complete the Feedback form and click Finish.

Gathering information from Okta

In Okta, navigate to the Sign On tab. Under SAML 2.0, expand More details.

Copy the following values from the Okta console to Nametag:

Copy the Sign on URL value from Okta and paste it into the Sign in URL field in Nametag.
Copy the Issuer value from Okta and paste it into the Entity ID field in Nametag.
Copy the Signing Certificate value from Okta and paste it into the Identity provider certificate field in Nametag.

Create groups in Okta for each Nametag role

In Okta, navigate to Directory, then Groups and create a group for each role in Nametag:

Nametag Role	Okta Group Name	Description
Owner	Nametag Owners	Full access to the organization, all environments, and their configuration
Admin	Nametag Admins	Full access to their environments and their configuration
User	Nametag Users	Access to all requests and detailed results in their environments
Limited	Nametag Limited	Access to only their own requests and simplified results in their environments

Pro-tip: This would be a good time to add yourself to the Nametag Owners group.

Navigate back to Applications, click the Nametag app, and select Assignments tab. From there, click the Assign dropdown and select Assign to Groups.

For each of the Nametag groups you created, click Assign and then click Done.

Test the configuration

Back in Nametag, click Test Configuration.

You will be prompted to sign in to Okta, if needed, and then be sent back to Nametag. When prompted, press Save this sign-in method.

Congratulations! You have successfully configured SAML SSO to Nametag with Okta.