How to Configure SAML 2.0 for Blink with Okta
- Supported Features
- Configuration Steps
The Okta/Blink SAML integration currently supports the following features:
- SP-initiated SSO
Enable SAML in the Blink Admin panel
The first step in configuring SAML with Blink is to open the admin panel. This can be accessed via the in-app menu.
Once in the admin panel, find the Authentication menu item. Only Organisation Admins can manage these settings.
Once on the Authentication page, select the SAML option.
You will now be presented with a series of URLs which you will require when configuring your identity provider. Download the certificate, which will be uploaded to Okta later in the setup process.
Configure Okta as the Identity Provider
Blink supports any SAML IDP; however, this guide is specifically for Okta.
You will need to use the Okta Classic UI.
1. Add the Blink application to your Okta account.
From the Dashboard, click the shortcut link to "Add Applications" and search for Blink. Click the "Add" button.
2. Complete the General Settings. It is recommended at this time to disable the application visibility to users.
3. Set up the Organisation ID (Company UUID) for your Blink organisation.
Click the "Sign-On" tab in the Okta menu and click Edit.
The Company UUID can be retrieved in Blink from the Authentication page in the Admin portal. It is the last part of the Entity Id URL, starting with o-
For example: https://api.joinblink.com/saml/o-621ae3be-5bc0-xxxx-xxxx-06d2cd2a17de
o-621ae3be-5bc0-xxxx-xxxx-06d2cd2a17de is the Company UUID.
4. Download the certificate from Blink and upload to Okta
Use the certificate you downloaded from Blink earlier (this is available in the Admin Portal in Authentication).
Upload this certificate file to Okta.
Don't forget to save your changes.
5. Download the Identity Provider metadata from Okta and upload to Blink
Download the Identity Provider metadata from Okta. This is available in Okta using the Classic UI. Select Blink in the Applications, then Sign On. Save the file as 'okta.xml' to later be uploaded to Blink.
Add IDP Metadata to Blink
The final step in the process is to add the IDP metadata into Blink. The simplest method for setting these details is to read the metadata provided by the IDP. If you have this, simply click "Read metadata file" and select the file. This is the metadata file you downloaded earlier.
If you do not have a metadata file from the IDP click "Or enter details manually" and you will be presented with 4 fields. You will need to complete these fields with details provided by your IDP.
Your SAML SSO is now configured with Blink and Okta. The last step is to assign the Blink app to users in Okta.
Configure the Blink App in Okta for Users
1. Assign the Blink app to your users or groups
Click on the Assignments menu item under the Blink app in Okta. Click the Assign button to add a Group or User. You will need to do this for all users for whom you wish to enable SSO with Blink.