Wiki source code of Okta SAML Integration Example

Last modified by Mark Kohlmann on 2025/05/10 00:28

version	line-number	content
1.2	1	Okta may be used to authenticate users for ShowRunner using SAML. The following instructions will assist with configuring Okta and ShowRunner to work together to authenticate users.
1.1	2
	3	Integration Steps as of May 9th, 2025
	4
	5	1. Create App Integrations
	6	Select 'SAML 2.0'
1.3	7	[[image:https://files.chiefintegrations.com/s/FxzGxgnwwX5Eyik/preview\|\|height="376" width="642"]]
1.1	8	1. General Settings
	9	App name: Can be whatever is meaningful
1.3	10	[[image:https://files.chiefintegrations.com/s/Je7NXGpm5YdPeH2/preview\|\|height="364" width="650"]]
1.1	11	1. Configure SAML:
	12	11. A - SAML Settings
	13	111. General
	14	Single sign-on URL: https:~/~///your-crestron-processor-ip///cws/showrunner-saml/acs
	15	Audience URI (SP Entity ID): showrunner-saml-//processorhostname// or what is specified in settings
	16	Default RelayState: (empty)
	17	Name ID format: Unspecified or EmailAddress
	18	Application username: Okta username
	19	Update application username on: Create and update
	20	1111. Attribute Statements (optional)(((
	21	(% style="width:1000px" %)
	22	\|=Required\|=Name\|=Name format\|=Value
	23	\|Y\|http:~/~/schemas.microsoft.com/identity/claims/objectidentifier\|URI Reference\|user.Id
	24	\|Y\|http:~/~/schemas.microsoft.com/ws/2008/06/identity/claims/role\|URI Reference\|appuser.userRole
	25	\|Y\|http:~/~/schemas.xmlsoap.org/ws/2005/05/identity/claims/name\|URI Reference\|user.login
	26	\|Y\|http:~/~/schemas.microsoft.com/identity/claims/displayname\|URI Reference\|user.displayName
	27	\|N\|pin\|Basic\|appuser.pin
	28	\|N\|touchscreenAccessLevel\|Basic\|appuser.touchscreenAccessLevel
	29	\|N\|userLoginMethod\|Basic\|Arrays.toCsvString(appuser.userLoginMethod)
	30	\|N\|userLoginPermitted\|Basic\|Arrays.toCsvString(appuser.userLoginPermitted)
1.3	31
	32	[[image:https://files.chiefintegrations.com/s/kb8CjEcDNZfaK2G/preview\|\|height="737" width="534"]]
1.1	33	)))
	34	1. (((
	35	Feedback - Complete per corporate policy
1.5	36	[[image:https://files.chiefintegrations.com/s/cWNmNcHxMtHRHo9/preview\|\|height="317" width="655"]]
1.1	37	)))
1.3	38	1. (((
	39	Profile Editor
	40	[[image:https://files.chiefintegrations.com/s/M86XX94fnYsWi6m/preview\|\|height="483" width="650"]]
	41
	42	1. (((
	43	User Role - Group Name values must match group names in ShowRunner
	44	[[image:https://files.chiefintegrations.com/s/HiixXjKJZEGQeP9/preview\|\|height="662" width="648"]]
	45	[[image:https://files.chiefintegrations.com/s/nbexLNGCLWjDQFs/preview\|\|height="429" width="653"]]
	46	)))
	47	1. (((
1.5	48	PIN
1.3	49	[[image:https://files.chiefintegrations.com/s/Db9Xwz6Yobiw5pQ/preview\|\|height="448" width="651"]]
	50	)))
1.5	51	1. (((
	52	Touchscreen Access Level
	53	[[image:https://files.chiefintegrations.com/s/PDmKK2tP5T6mTwo/preview\|\|height="615" width="639"]]
1.3	54	)))
1.5	55	1. (((
	56	User Login Method
	57	[[image:https://files.chiefintegrations.com/s/qKT3nmgRsTM5Lom/preview\|\|height="560" width="628"]]
	58	)))
	59	1. (((
	60	Permitted Login Locations
	61	[[image:https://files.chiefintegrations.com/s/qKT3nmgRsTM5Lom/preview\|\|height="548" width="614"]]
	62	)))
	63	)))
	64	1. (((
	65	Assign Values to User
2.1	66	[[image:https://files.chiefintegrations.com/s/QyjeAWBjCxw36BJ/preview\|\|height="507" width="400"]]
	67
	68	7. Configure ShowRunner SAML Integration:
	69	Copy //Metadata //URL to ShowRunner's //IdP Metadata URI//
	70	Copy //Sign on URL //to ShowRunner's //IdP Auth URI//
	71	Set //Enable //and //Use IdP Metadata// to on in ShowRunner
	72	[[image:https://files.chiefintegrations.com/s/YLbdErCPsxC7BZc/preview\|\|height="684" width="545"]]
3.1	73	[[image:https://files.chiefintegrations.com/s/dpY3bGfKMHyCntd/preview\|\|height="878" width="946"]]
2.1	74
	75	Save Changes.
1.5	76	)))
2.1	77	1. (((
	78	Logout of ShowRunner and then login using SSO
3.1	79
	80
4.1	81	[[Example Okta SAML Assertion>>https://files.chiefintegrations.com/s/FXWFQcfWmbmmFGT]]
2.1	82	)))