Okta SAML Integration Example
Last modified by Mark Kohlmann on 2025/05/10 00:28
Okta may be used to authenticate users for ShowRunner using SAML. The following instructions will assist with configuring Okta and ShowRunner to work together to authenticate users.
Integration Steps as of May 9th, 2025
- Create App Integrations
Select 'SAML 2.0'
- General Settings
App name: Can be whatever is meaningful
- Configure SAML:
- A - SAML Settings
- General
Single sign-on URL: https://your-crestron-processor-ip/cws/showrunner-saml/acs
Audience URI (SP Entity ID): showrunner-saml-processorhostname or what is specified in settings
Default RelayState: (empty)
Name ID format: Unspecified or EmailAddress
Application username: Okta username
Update application username on: Create and update
- Attribute Statements (optional)

| Required | Name | Name format | Value |
|---|---|---|---|
| Y | http://schemas.microsoft.com/identity/claims/objectidentifier | URI Reference | user.Id |
| Y | http://schemas.microsoft.com/ws/2008/06/identity/claims/role | URI Reference | appuser.userRole |
| Y | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | URI Reference | user.login |
| Y | http://schemas.microsoft.com/identity/claims/displayname | URI Reference | user.displayName |
| N | pin | Basic | appuser.pin |
| N | touchscreenAccessLevel | Basic | appuser.touchscreenAccessLevel |
| N | userLoginMethod | Basic | Arrays.toCsvString(appuser.userLoginMethod) |
| N | userLoginPermitted | Basic | Arrays.toCsvString(appuser.userLoginPermitted) |
Feedback - Complete per corporate policy
Profile Editor
User Role - Group Name values must match group names in ShowRunner
PIN
Touchscreen Access Level
User Login Method
Permitted Login Locations
Assign Values to User
7. Configure ShowRunner SAML Integration:
Copy Metadata URL to ShowRunner's IdP Metadata URI
Copy Sign on URL to ShowRunner's IdP Auth URI
Set Enable and Use IdP Metadata to on in ShowRunner
Save Changes.
Log out of ShowRunner and then log in using SSO
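If the SSO login fails after these steps, the settings above can be checked against the assertion Okta actually sends. The following is an added example, not code from ShowRunner or Okta: it assumes you have the decoded assertion XML from your own test login, and the function names, hostname and sample values are hypothetical placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names marked Required = Y in the Attribute Statements table.
REQUIRED = [
    "http://schemas.microsoft.com/identity/claims/objectidentifier",
    "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.microsoft.com/identity/claims/displayname",
]

def check_assertion(xml_text, expected_audience, expected_acs):
    """List configuration problems; does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected_acs not in recipients:
        problems.append(f"recipient mismatch: {recipients}")
    present = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        # An attribute with no non-empty value counts as missing.
        if any((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)):
            present.add(attr.get("Name"))
    problems += [f"missing or empty attribute: {n}" for n in REQUIRED if n not in present]
    return problems

def _attr(name, value):  # helper that builds the constructed sample below
    return (f'<saml:Attribute Name="{name}">'
            f"<saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>")

# Constructed sample: hostname and values are placeholders; the role value is
# empty, as happens when appuser.userRole was never assigned to the user.
ACS = "https://processor.example/cws/showrunner-saml/acs"
AUDIENCE = "showrunner-saml-processor"
SAMPLE = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    f'<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/>'
    "</saml:SubjectConfirmation></saml:Subject>"
    f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{AUDIENCE}</saml:Audience>"
    "</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>"
    + _attr(REQUIRED[0], "00u1example") + _attr(REQUIRED[1], "")
    + _attr(REQUIRED[2], "jdoe@example.com") + _attr(REQUIRED[3], "J Doe")
    + "</saml:AttributeStatement></saml:Assertion>"
)

if __name__ == "__main__":
    print(check_assertion(SAMPLE, AUDIENCE, ACS))
```

An empty result means the audience, ACS recipient and required attributes line up with the Okta settings; it says nothing about whether the assertion's signature is valid.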