Enabling SSO with Okta AD: Step-by-Step Guide

Steps to configure Okta SSO (AD) with Tessell

Written by Phoebe Farber
Updated over 2 weeks ago

1. Go to the Okta admin console and create an app.

2. Use the SAML 2.0 protocol while creating the app. This is the only protocol supported by Tessell.

3. Add an optional icon and the mandatory name, Tessell, to the app.

Download and use the logo below:

4. Now log in to Tessell as Account Owner and go to Identity providers. Click Configure for Okta. Note down the Entity ID and SSO URL.

5. Add the Entity ID and SSO URL noted in step #4 in the Okta app flow.

6. Add attribute mappings for firstName, lastName, and email.

7. Use the options and finish the app creation in Okta.

8. On the Sign On tab, change the Application username format to Email.

9. Go to the General tab of the app and enable SCIM provisioning.

10. The Provisioning tab will now start showing up.

11. Go to Tessell API keys as an Account Owner and create an API key with its expiry set to forever.

12. Edit the SCIM provisioning in Okta and add the details. Select Bearer as the Authentication type and add the API key generated in Tessell. Also, add the SCIM endpoint noted in step #4.

13. Verify the connection. Only Create Users and Update User Attributes should be green.

14. Now go to Provisioning and enable the fields for SCIM.

15. Go to the SAML configuration on the same page and note the details. These need to be fed to Tessell.

16. Go to the Tessell IDP and add the details noted on the previous Okta page.

17. At this point, the connection setup between Tessell and Okta is done. Now create a user in the AD configured with Okta, and add the user to a group.

18. Manually import the users, because the Okta agent takes an hour to sync.

19. Assign the Tessell app to the newly imported user.

20. Log in to Okta as the newly created user. The Tessell app will show up in the list of apps. Once the user clicks on the app, the user will automatically land on the my services page of Tessell. The user will have a Data Owner role and will be part of the default subscription.

21. Disable the user in AD and check that the user can no longer log in to or access Tessell.
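
To confirm that steps 5, 6 and 8 took effect, you can decode the SAML assertion from a test login and check its audience, NameID and attributes. The script below is an added example, not Tessell or Okta code; the sample assertion is constructed, and `ENTITY_ID_FROM_STEP_4` is a placeholder for the Entity ID you noted in step 4.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # mapped in step 6

# Constructed sample: what a decoded assertion could look like after steps 5-8.
# The audience value is a placeholder for the Entity ID noted in step 4.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>ENTITY_ID_FROM_STEP_4</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="email"><saml:AttributeValue>jane.doe@example.com</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, expected_entity_id):
    """Return a list of mapping problems; an empty list means steps 5, 6 and 8 took effect.

    Configuration check only: it does not verify the XML signature, so run it on
    an assertion captured from your own test login, not as login-time validation.
    """
    root = ET.fromstring(xml_text)
    problems = []

    # Step 8: username format "Email" should produce an email-shaped NameID.
    name_id = root.findtext(".//saml:Subject/saml:NameID", "", NS).strip()
    local, _, domain = name_id.partition("@")
    if not local or "." not in domain:
        problems.append(f"NameID is not an email address: {name_id!r}")

    # Step 5: the audience must be the Entity ID copied from the service provider.
    audiences = [(a.text or "").strip() for a in root.findall(".//saml:Audience", NS)]
    if expected_entity_id not in audiences:
        problems.append(f"audience mismatch: {audiences}")

    # Step 6: each mapped attribute must be present with a non-empty value.
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", "", NS).strip()
             for a in root.findall(".//saml:AttributeStatement/saml:Attribute", NS)}
    problems += [f"missing or empty attribute: {n}" for n in REQUIRED_ATTRS if not attrs.get(n)]
    return problems


if __name__ == "__main__":
    print(check_assertion(SAMPLE, "ENTITY_ID_FROM_STEP_4") or "mapping looks correct")
```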
