Okta SAML Integration Example

Okta may be used to authenticate users for ShowRunner using SAML.  The following instructions will assist with configuring Okta and ShowRunner to work together to authenticate users.

Integration Steps as of May 9th, 2025

1. Create App Integrations
   Select 'SAML 2.0'
2. General Settings
   App name: Can be whatever is meaningful
3. Configure SAML:
   1. A - SAML Settings
      1. General
         Single sign-on URL: https://your-crestron-processor-ip/cws/showrunner-saml/acs
         Audience URI (SP Entity ID): showrunner-saml-processorhostname or what is specified in settings
         Default RelayState: (empty)
         Name ID format: Unspecified or EmailAddress
         Application username: Okta username
         Update application username on: Create and update
         1. Attribute Statements (optional)

            Required	Name	Name format	Value
            Y	http://schemas.microsoft.com/identity/claims/objectidentifier	URI Reference	user.Id
            Y	http://schemas.microsoft.com/ws/2008/06/identity/claims/role	URI Reference	appuser.userRole
            Y	http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	URI Reference	user.login
            Y	http://schemas.microsoft.com/identity/claims/displayname	URI Reference	user.displayName
            N	pin	Basic	appuser.pin
            N	touchscreenAccessLevel	Basic	appuser.touchscreenAccessLevel
            N	userLoginMethod	Basic	Arrays.toCsvString(appuser.userLoginMethod)
            N	userLoginPermitted	Basic	Arrays.toCsvString(appuser.userLoginPermitted)

4. Feedback - Complete per corporate policy