SSO configuration with Okta IdP

After you download the Tealium metadata file in Set up your SSO: Step 1, complete the following steps to configure Okta for use with Tealium SSO:

1. Locate the Tealium metadata.xml you downloaded and open the file locally. You will need to refer to this file in the Okta configuration.
2. Log in to your Okta account and navigate to Applications > Applications and click Create App Integration.

   

3. Select the SAML 2.0 sign-in method.

   

4. In the Create SAML Integration screen, enter the integration name in the App name field. Click Next.

   

5. In the Configure SAML screen, enter the following values as listed in the Tealium metadata file you downloaded:
   • Single sign-on URL: In AssertionConsumerService, use the Location value: https://prod-federation.auth.us-west-1.amazoncognito.com/saml2/idpresponse.
   • Audience URI (SP Entity ID): In EntityDescription, use the entityID value: urn:amazon:cognito:sp:us-west-1_FGJFGdCYT.
6. Configure the following additional settings:
   • Name ID format: EmailAddress
   • Application username: Email
   • Update application username on: Create and update

     

7. In the Attributes Statements (optional) section, add an attribute statement with the following settings:
   • Name: email
   • Name format: Unspecified
   • Value: user.email

     

8. (Optional) Select the business purpose for your Okta configuration. Providing Okta with background information about your app configuration allows the IdP to provide relevant support for your SAML integration.

   

9. Click Finish.
10. In the Sign On tab, copy the Metadata URL.

    

11. Save this file to your computer. You will use this file to complete the Tealium SSO configuration.