How do I setup SAML2 authentication with Okta in Sage Ent. Mgmt.?


SAML2 is a method of using an independent external authentication service, and it can be used with Enterprise Management. With SAML2, as with OAuth2, the application grants access only when authentication by a dedicated external server has succeeded.

This is an example of using SAML2 with Okta. We cannot provide examples for every identity provider, and you will likely need to adapt the values shown here to your own configuration to make proper use of this authentication method.

Please make sure that you review the SAML2 online help topic and work closely with your Sage Certified Business Partner for configuration related to your environment.

Configure Okta

1. Log in to your Okta homepage and browse to the Admin section.

2. Select Applications, Applications from the top menu.

3. Click Add Application

4. Click Create New App

5. Select SAML 2.0 and click Create

6. Provide an App name and click Next

7. Provide the following values:

Single sign on URL = <URL to Enterprise Management>/auth/saml2/<Name of SAML2 id provider in EM>/callback

Note: The default name in Enterprise Management would be SAML2.

Audience URI (SP Entity ID) = <URL to Enterprise Management>

Appropriate Attribute statements, for example: Name = mail, Value = user.email

8. Click Next

9. Fill out what is desired and click Finish

10. Click View Setup Instructions, as you will need the values shown there for the Enterprise Management configuration

11. Take note of, or have available to copy, the values for Identity Provider Single Sign-On URL and Identity Provider Issuer

Note: Be sure to also assign the application to the appropriate users or groups

Configure Enterprise Management

1. You will need to change nodelocal.js to allow SAML2 authentication.

Note: You will need to restart the Syracuse service after this change has been implemented

2. In Sage X3, open Administration, Administration, Settings, Authentication, SAML2 Id provider.

3. Click Create saml2

4. The configuration will look similar to below:

Note: I am not showing the use of a certificate, but it can be made to do so.

5. Click Create

6. In this example, I am using email as my attribute so I must ensure that my user has the correct email address.

7. As a test, you can click on the SAML2 button

8. You will be redirected to the Okta login for your connection

9. You will then be directed back to Enterprise Management and logged in.

Note: Once you have authenticated through Okta in your browser, if you log out of Enterprise Management (without closing the browser, or with another browser instance still open) and then log in to Enterprise Management again, you will not be prompted for Okta credentials. Logging out of Enterprise Management ends only its own session; the Okta session in the browser remains active and is reused.
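As an added illustration, not Sage's or Okta's code, the following Node.js script ties the values entered in the two procedures above to the fields of a SAML2 assertion: the Audience URI (SP Entity ID), the Single sign on URL, the Identity Provider Issuer and the mail attribute statement each drive one check the service provider side makes before it trusts the asserted email address. The Enterprise Management URL, the issuer value and the assertion itself are constructed placeholders, and the function names (spSettings, checkAssertion, runSample) are my own; signature verification with the IdP certificate, which the product performs, is out of scope here.

```javascript
// Added example, not Sage or Okta code. It maps the values typed into the Okta
// and Enterprise Management screens to the fields of a SAML2 assertion and runs
// the checks each value is responsible for. Signature verification against the
// IdP certificate is left to the product and is not modelled here.

// Placeholder values standing in for what an administrator copies from the
// screens; none of them refers to a real tenant.
const emBaseUrl = "https://em.example.com:8124/";        // <URL to Enterprise Management>
const providerName = "SAML2";                            // name of the SAML2 id provider in EM
const idpIssuer = "http://www.okta.com/PLACEHOLDER";     // "Identity Provider Issuer" from Okta
const emailAttribute = "mail";                           // attribute statement Name

// Values to enter in the Okta application (step 7 of "Configure Okta").
function spSettings(baseUrl, provider) {
  const base = baseUrl.replace(/\/+$/, "");              // no trailing slash, so no "//" in the callback
  return {
    singleSignOnUrl: `${base}/auth/saml2/${encodeURIComponent(provider)}/callback`,
    audienceUri: base,
  };
}

// Small extraction helpers for the constructed sample below; not a general SAML parser.
function textOf(xml, tag) {
  const m = xml.match(new RegExp(`<(?:\\w+:)?${tag}(?:\\s[^>]*)?>([^<]*)<`));
  return m ? m[1].trim() : null;
}
function attributeValue(xml, name) {
  const re = new RegExp(
    `<(?:\\w+:)?Attribute\\s[^>]*Name="${name}"[^>]*>\\s*<(?:\\w+:)?AttributeValue[^>]*>([^<]*)<`
  );
  const m = xml.match(re);
  return m ? m[1].trim() : null;
}

// The checks the service provider side makes, each tied to one configured value.
// `now` (epoch milliseconds) is injected so the expiry check is deterministic.
function checkAssertion(xml, cfg, now) {
  const problems = [];
  if (textOf(xml, "Issuer") !== cfg.idpIssuer)
    problems.push("Issuer does not match Identity Provider Issuer");
  if (textOf(xml, "Audience") !== cfg.audienceUri)
    problems.push("Audience does not match Audience URI (SP Entity ID)");
  const recipient = xml.match(/Recipient="([^"]+)"/);
  if (!recipient || recipient[1] !== cfg.singleSignOnUrl)
    problems.push("Recipient does not match Single sign on URL");
  const expiry = xml.match(/NotOnOrAfter="([^"]+)"/);
  if (!expiry || !(now < Date.parse(expiry[1])))
    problems.push("assertion is expired or has no NotOnOrAfter");
  const email = attributeValue(xml, cfg.emailAttribute);
  if (!email) problems.push(`attribute "${cfg.emailAttribute}" is missing`);
  // The email is returned as an identity only when every check passed.
  return { ok: problems.length === 0, email: problems.length === 0 ? email : null, problems };
}

// Constructed, unsigned sample of what a correctly configured Okta app would send.
function sampleAssertion(sp, issuer, email) {
  return `<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>${issuer}</saml2:Issuer>
  <saml2:Subject>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData Recipient="${sp.singleSignOnUrl}" NotOnOrAfter="2099-01-01T00:00:00Z"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotOnOrAfter="2099-01-01T00:00:00Z">
    <saml2:AudienceRestriction><saml2:Audience>${sp.audienceUri}</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="mail"><saml2:AttributeValue>${email}</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>`;
}

function runSample() {
  const sp = spSettings(emBaseUrl, providerName);
  const cfg = { ...sp, idpIssuer, emailAttribute };
  const now = Date.parse("2024-01-01T00:00:00Z");
  const good = checkAssertion(sampleAssertion(sp, idpIssuer, "jane.doe@example.com"), cfg, now);
  // The same assertion issued for a different service provider: the audience
  // and recipient checks reject it, so it cannot be replayed against this one.
  const other = spSettings("https://other.example.com", providerName);
  const wrongAudience = checkAssertion(sampleAssertion(other, idpIssuer, "jane.doe@example.com"), cfg, now);
  return { sp, good, wrongAudience };
}

console.log(JSON.stringify(runSample(), null, 2));
```

Run it with `node` to see the two Okta-side values derived from the Enterprise Management URL and provider name, the accepted sample, and the rejected one. The point for an administrator is that a mismatch between the Audience URI or Single sign on URL typed into Okta and the real Enterprise Management URL is not a cosmetic error: it is exactly the check that stops an assertion meant for one service provider being accepted by another.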