Question
OKTA
SSO
Studio_Creatio
7.18
Just In Time user provisioning for SSO with OKTA
Sourav Kumar Samal
15:09 Feb 22, 2022

Hi Community,

 

I am trying to implement JIT when a user is not present. But by default it is creating a user as "Company Employee". Any suggestions how I can identify and create either Company Employee or Portal user based on the response that has been received in the SAML token.

I have followed the following two articles:

  1. Single Sign-On via ADFS

  2. Just-In-Time User Provisioning

 

Thanks,

Sourav Kumar Samal

Like 2

Like

3 comments
Sourav Kumar Samal
08:10 Feb 24, 2022

Hi All,

 

Can anyone answer on this?

 

Thanks,

Sourav

Roman Brown
12:12 Feb 28, 2022

Dear Sourav, 



I would suggest you to carefully check the web.config file located in the root folder of Creatio. 

In this file you can find the list of login providers (the place where you enabling JIT by the guide):



        <provider name="SsoAuthProvider" type="Terrasoft.WebApp.Loader.Authentication.SSO.SsoAuthProvider, Terrasoft.WebApp.Loader">

          <parameters>

            <add name="UserType" value="General" />

            <add name="UseJit" value="false" />

          </parameters>

        </provider>

        <provider name="SSPSsoAuthProvider" type="Terrasoft.WebApp.Loader.Authentication.SSO.SsoAuthProvider, Terrasoft.WebApp.Loader">

          <parameters>

            <add name="UserType" value="SSP" />

          </parameters>



If you want to enable JIT for portal user you need to make sure that key <add name="UseJit" value="false" /> is added to the block related to the "SSPSsoAuthProvider"

so it looks like:

    <provider name="SSPSsoAuthProvider" type="Terrasoft.WebApp.Loader.Authentication.SSO.SsoAuthProvider, Terrasoft.WebApp.Loader">

          <parameters>

            <add name="UserType" value="SSP" />

            <add name="UseJit" value="true" />

          </parameters>



After that please make sure that SspLogin.aspx is specified in all keys instead of NuiLogin.aspx to make sure that user will get a proper portal cookie in case if you want to use a Service Provider initiated SSO flow to create portal users. 

Also please note that in this case ordinary company employees will have to login via direct link only or use the link to NuiLogin.aspx module if they want to use SSO as well. 



Kind regards,

Roman

Sourav Kumar Samal
12:05 Mar 22, 2022

Roman Brown,

Does this mean we can only use Jit either for Portal User or for Company Employee user?

 

Regards,

Sourav

Show all comments
Question
SSO
OKTA
Studio_Creatio
7.18
SSO integration with OKTA
Sourav Kumar Samal
07:04 Feb 17, 2022

Hi All,

 

We have a requirement to enable SSO with OKTA. Please suggest whether is it possible? If yes, how we can do that?

 

Thanks & Regards,

Sourav Kumar Samal

Like 0

Like

5 comments
Bogdan
07:12 Feb 17, 2022

Hello,

 

Yes, it is possible to set up SSO through OKTA. Unfortunately, we do not have specific instructions for this product, but you can use the Single Sign-On via ADFS Academy article for your reference. 

 

Best regards,

Bogdan

 

 

Sourav Kumar Samal
07:30 Feb 17, 2022

Bogdan,

 

We are also trying to configure from OKTA's side as well. But there are certain ask that we are unsure about. Could you please suggest on the following questions from Creatio perspective?

Thanks,

Sourav

Sourav Kumar Samal
12:57 Feb 18, 2022

Bogdan,

Is there any information on this?

 

Thanks

Roman Brown
16:36 Feb 20, 2022

Sourav, 



This application is in "Upcoming" state meaning that it will be available in Future. 

As for your first question, you need to insert following values:

 



Kind regards,

Roman

 

Sourav Kumar Samal
10:19 Feb 21, 2022

Roman Brown,

 

What is the LocalCertificateFile and where to get this for onsite applications?

 

Thanks,

Sourav

Show all comments
Subscribe to OKTA