This guide will take you through the steps for configuring Okta as the SAML IDP for your HyperComply account, allowing your users to authenticate to HyperComply through Okta instead of the usual email/password combination.
What to expect:
- First we’ll log into HyperComply and copy a value we’ll need for Okta configuration.
- Next we’ll create the HyperComply Okta “Application” and configure it for HyperComply SAML.
- Finally we’ll copy some values from our new Okta Application into HyperComply so HyperComply can securely validate SAML assertions from Okta.
HyperComply Configuration
- Navigate to https://app.hypercomply.com/settings/saml_config
- Copy the value of the “SAML ACS Endpoint” at the bottom of the screen.
- Keep this tab open and complete the steps below. You will need to enter some values from Okta on this screen at the end of this process.
Okta Application Creation
1. Log into Okta as an administrator
2. Navigate to Applications/Applications and click “Create App Integration”
- Choose “SAML 2.0” and click “Next”
- Enter display details for the new Application as normal. Click “Next”.
- Paste the “SAML ACS Endpoint” URL copied from the HyperComply settings into the “Single sign on URL” and “Audience URI” fields.
- Set “Name ID format” to “EmailAddress”
- Set “Application username” to “Email”
- Add these attributes to the “Attribute Statements” section:
| Name | Name format | Value |
| --- | --- | --- |
| | Unspecified | user.email |
| firstName | Unspecified | user.firstName |
| lastName | Unspecified | user.lastName |
3. Click “Next” then “Finish”
4. In the “Sign On” tab of the newly created “HyperComply” application, click the “View Setup Instructions” button.
- Note: this section requires copying values from Okta into the HyperComply SAML configuration form opened in the “HyperComply Configuration” section above. If you don’t have the tab open anymore, return to the page here: https://app.hypercomply.com/settings/saml_config.
- In Okta: copy the value from the “Identity Provider Single Sign-On URL” field
- In HyperComply: paste the value into the “IDP Endpoint URL” field
- In Okta: copy the value from the “Identity Provider Issuer” field
- In HyperComply: paste the value into the “IDP Entity ID” field
- In Okta: copy the value from the “X.509 Certificate” field
- In HyperComply: paste the value into the “IDP Certificate” field
- In HyperComply: check the “Enable SAML” checkbox and click “Save”.
At this point you have connected your Okta SAML IDP to HyperComply, and users can now log into HyperComply from Okta. Any user that logs into HyperComply via Okta will have an account created for them (if they don’t already have an account). To allow Okta users to log into HyperComply, add them to the HyperComply “Application” you created above in Okta.
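To confirm the Okta settings above took effect, the following added example (not HyperComply's or Okta's code) decodes a base64 `SAMLResponse` form value captured from a test login and reports where it differs from this guide's settings. The ACS URL is a placeholder, the sample response is constructed and unsigned, and the check does not verify the XML signature; the first attribute row is not checked because its name is not shown above.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPEC = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
ACS = "https://hypercomply.example/acs-placeholder"  # placeholder, not the real endpoint

def check_response(b64_response, acs_url, required=("firstName", "lastName")):
    """List mismatches between a SAMLResponse and the settings in this guide.
    Configuration check only: the XML signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # Assumes Okta's default of using the "Single sign on URL" as the Destination.
    if root.get("Destination") != acs_url:
        problems.append("Destination is not the SAML ACS Endpoint")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if acs_url not in audiences:
        problems.append("Audience URI is not the SAML ACS Endpoint")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("Name ID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    attrs = {a.get("Name"): a for a in root.iterfind(".//a:Attribute", NS)}
    for name in required:
        attr = attrs.get(name)
        value = "" if attr is None else (attr.findtext("a:AttributeValue", "", NS) or "")
        if not value.strip():
            problems.append(f"attribute {name} missing or empty")
        elif attr.get("NameFormat", UNSPEC) != UNSPEC:  # omitted means unspecified
            problems.append(f"attribute {name} name format is not Unspecified")
    return problems

def sample(acs, fmt=EMAIL_FMT, attrs=("firstName", "lastName")):
    """Constructed, unsigned sample response for the demo (not real Okta output)."""
    stmts = "".join(
        f'<a:Attribute Name="{n}" NameFormat="{UNSPEC}">'
        f"<a:AttributeValue>x</a:AttributeValue></a:Attribute>" for n in attrs)
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{acs}">'
           f'<a:Assertion><a:Subject><a:NameID Format="{fmt}">user@example.com'
           f"</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>"
           f"<a:Audience>{acs}</a:Audience></a:AudienceRestriction></a:Conditions>"
           f"<a:AttributeStatement>{stmts}</a:AttributeStatement>"
           f"</a:Assertion></p:Response>")
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_response(sample(ACS, attrs=("firstName",)), ACS))
```

An empty list means the response matches the “Single sign on URL”, “Audience URI”, “Name ID format” and attribute settings entered in Okta.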
If you have any further questions or troubles regarding your setup, submit a request to our team here.