Configuring Single Sign-on with Okta

Before configuring SSO with Okta, contact Tamr Support ([email protected]) for the following information:

• Identifier (Entity ID). This value begins with the string urn:auth0:.
• Reply URL (Assertion Consumer Service URL)
• Sign on URL. Note that this value is the same as the Reply URL.

After configuring SSO with Okta, send the following information to Tamr Support:

• Certificate (Base64)
• Login URL

To configure SSO with Okta:

1. Sign in to your Okta admin portal.

2. In the left menu bar, select Applications.

   

3. Select Create App Integration.

   

4. Select SAML 2.0 and then select Next.

   

5. Enter an App name and add an App logo (optional).

   Enable the Do not display application icon App Visibility option to hide application tile from users in Okta dashboard; Tamr does not support IdP-initiated login.
   Select Next.

   

6. Set the values for Single sign-on URL and Audience URI (SP Entity ID) in SAML Settings.

   Enable the Use this for Recipient URL and Destination URL option.

   Leave the rest of the settings to their default values.

   

7. Add the following Attribute Statements.

   1. email: user.email

   2. user_id: user.email

   3. family_name: user.lastName

   4. given_name: user.firstName

   5. name: user.firstName + " " + user.lastName

      

8. Select Next.

9. Set the App type to This is an internal app that we have created and select Finish

   

   

10. Send either of the following to Tamr Support ([email protected]) to complete the SSO confiugration:

    1. Copy the Metadata URL on the Sign On tab and send to Tamr.

       

    2. Select View SAML Setup Instructions and send the Identity Provider Single Sign-On URL and X.509 Certificate to Tamr.