2FA for Okta

Owned by Eric Schullek
Last updated: Mar 28, 2024 by Eric Schullek
2 min read

This article will explain the process of setting up Okta as a SAML IdP in an Amazon Cognito user pool.

Pre-requisites

  1. Contact Litera DevOps before starting your 2FA authentication project. There are steps they need to perform first. You can also reach to support@litera.com to get their contact info.

Items to send to Litera

  1. Identity Provider metadata hyperlink in Step Get the IDP Metadata

Steps

Create a SAML app in Okta

  1. Go into the Okta developer console and under Shortcuts, choose Add Applications. Or, choose Applications, and then choose Add Application.

  2. Click Create New App

  3. Choose Platform as Web

  4. For the Sign-on method, choose SAML 2.0.

 

 

Configure SAML Integration in Okta App

  1. On the Create SAML Integration page, under General Settings, enter a name for your app.

  2. Choose Next.

  3. Under GENERAL, for Single sign on URL, enter https://yourDomainPrefix.auth.region.amazoncognito.com/saml2/idpresponse.
    NOTE: Replace yourDomainPrefix and region with the values for your user pool

  4. For Audience URI (SP Entity ID), enter urn:amazon:cognito:sp:yourUserPoolId.
    NOTE: Replace yourUserPoolId with your Amazon Cognito user pool ID.

  5. Leave Name ID format as Unspecified

  6. Set Application username as Email

  7. Under ATTRIBUTE STATEMENTS (OPTIONAL) set the following (set the Name format as URI reference for all):

Name

Value

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

user.email

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

user.firstName

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

user.lastName

  1. Click Next and Click Finish

 

Assign users to the Okta application

  1. On the Assignments tab for your Okta app, for Assign, choose Assign to People

  2. Next to the user that you want to assign, choose Assign

  3. Choose Save and Go back. Choose Done.

Get the IDP metadata for the Okta application

  1. On the Sign On tab for your Okta app, find the Identity Provider metadata hyperlink. Right-click the hyperlink, and then copy the URL and send the URL over to Litera DevOps.

 

This is the hyperlink metadata that the DevOps team should add on the Cognito User pool step.

 

 

Let's Connect📌

☎ +1 630.598.1100
☎ ‪+44 20 3880 1550‬
📧 support@litera.com
💻 https://www.litera.com/support/

📝 Support is available:
4 am - 8 pm US Eastern
(9 am - 1 am GMT/BST
7 pm - 11 am AET) on normal business days (excluding holidays)

© 2024 Litera