Wiki source code of Okta SAML Integration Example

Last modified by Mark Kohlmann on 2025/05/10 00:28

Okta may be used to authenticate users for ShowRunner using SAML. The following instructions will assist with configuring Okta and ShowRunner to work together to authenticate users.

Integration Steps as of May 9th, 2025

1. Create App Integrations
Select 'SAML 2.0'
[[image:https://files.chiefintegrations.com/s/FxzGxgnwwX5Eyik/preview||height="376" width="642"]]
1. General Settings
App name: Can be whatever is meaningful
[[image:https://files.chiefintegrations.com/s/Je7NXGpm5YdPeH2/preview||height="364" width="650"]]
1. Configure SAML:
11. A - SAML Settings
111. General
Single sign-on URL: https:~/~///your-crestron-processor-ip///cws/showrunner-saml/acs
Audience URI (SP Entity ID): showrunner-saml-//processorhostname// or what is specified in settings
Default RelayState: (empty)
Name ID format: Unspecified or EmailAddress
Application username: Okta username
Update application username on: Create and update
1111. Attribute Statements (optional)(((
(% style="width:1000px" %)
|=Required|=Name|=Name format|=Value
|Y|http:~/~/schemas.microsoft.com/identity/claims/objectidentifier|URI Reference|user.Id
|Y|http:~/~/schemas.microsoft.com/ws/2008/06/identity/claims/role|URI Reference|appuser.userRole
|Y|http:~/~/schemas.xmlsoap.org/ws/2005/05/identity/claims/name|URI Reference|user.login
|Y|http:~/~/schemas.microsoft.com/identity/claims/displayname|URI Reference|user.displayName
|N|pin|Basic|appuser.pin
|N|touchscreenAccessLevel|Basic|appuser.touchscreenAccessLevel
|N|userLoginMethod|Basic|Arrays.toCsvString(appuser.userLoginMethod)
|N|userLoginPermitted|Basic|Arrays.toCsvString(appuser.userLoginPermitted)

[[image:https://files.chiefintegrations.com/s/kb8CjEcDNZfaK2G/preview||height="737" width="534"]]
)))
1. (((
Feedback - Complete per corporate policy
[[image:https://files.chiefintegrations.com/s/cWNmNcHxMtHRHo9/preview||height="317" width="655"]]
)))
1. (((
Profile Editor
[[image:https://files.chiefintegrations.com/s/M86XX94fnYsWi6m/preview||height="483" width="650"]]

1. (((
User Role - Group Name values must match group names in ShowRunner
[[image:https://files.chiefintegrations.com/s/HiixXjKJZEGQeP9/preview||height="662" width="648"]]
[[image:https://files.chiefintegrations.com/s/nbexLNGCLWjDQFs/preview||height="429" width="653"]]
)))
1. (((
PIN
[[image:https://files.chiefintegrations.com/s/Db9Xwz6Yobiw5pQ/preview||height="448" width="651"]]
)))
1. (((
Touchscreen Access Level
[[image:https://files.chiefintegrations.com/s/PDmKK2tP5T6mTwo/preview||height="615" width="639"]]
)))
1. (((
User Login Method
[[image:https://files.chiefintegrations.com/s/qKT3nmgRsTM5Lom/preview||height="560" width="628"]]
)))
1. (((
Permitted Login Locations
[[image:https://files.chiefintegrations.com/s/qKT3nmgRsTM5Lom/preview||height="548" width="614"]]
)))
)))
1. (((
Assign Values to User
[[image:https://files.chiefintegrations.com/s/QyjeAWBjCxw36BJ/preview||height="507" width="400"]]

7. Configure ShowRunner SAML Integration:
Copy //Metadata //URL to ShowRunner's //IdP Metadata URI//
Copy //Sign on URL //to ShowRunner's //IdP Auth URI//
Set //Enable //and //Use IdP Metadata// to on in ShowRunner
[[image:https://files.chiefintegrations.com/s/YLbdErCPsxC7BZc/preview||height="684" width="545"]]
[[image:https://files.chiefintegrations.com/s/dpY3bGfKMHyCntd/preview||height="878" width="946"]]

Save Changes.
)))
1. (((
Log out of ShowRunner and then log in using SSO

[[Example Okta SAML Assertion>>https://files.chiefintegrations.com/s/FXWFQcfWmbmmFGT]]
)))
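
Added example, not part of the original ShowRunner documentation: a Python diagnostic that checks whether a decoded SAML assertion carries the Audience, the ACS Recipient and the four required attribute statements configured in the steps above. The function names, the hostname `processor01` and the address `192.0.2.10` are assumptions, the sample assertion is constructed, and the check does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"  # Okta "URI Reference"
REQUIRED = [  # attribute names marked Required = Y in the Attribute Statements table
    "http://schemas.microsoft.com/identity/claims/objectidentifier",
    "http://schemas.microsoft.com/ws/2008/06/identity/claims/role",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
    "http://schemas.microsoft.com/identity/claims/displayname",
]

def check_assertion(xml_text, expected_audience, expected_acs):
    """List configuration problems in a decoded, unencrypted SAML assertion.
    Diagnostic only: no signature or validity-window verification is done."""
    assertion = next(ET.fromstring(xml_text).iter("{%s}Assertion" % NS["saml"]), None)
    if assertion is None:
        return ["no plaintext Assertion element found"]
    problems = []
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: got {audiences}")
    recipients = [d.get("Recipient") for d in
                  assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if expected_acs not in recipients:
        problems.append(f"recipient mismatch: got {recipients}")
    attrs = {}
    for a in assertion.iterfind(".//saml:Attribute", NS):
        vals = [v.text.strip() for v in a.iterfind("saml:AttributeValue", NS)
                if v.text and v.text.strip()]
        attrs[a.get("Name")] = (a.get("NameFormat"), vals)
    for name in REQUIRED:
        fmt, vals = attrs.get(name, (None, None))
        if vals is None:
            problems.append(f"missing required attribute: {name}")
        elif fmt != URI_FORMAT:
            problems.append(f"wrong NameFormat for {name}: {fmt}")
        elif not vals:
            problems.append(f"empty required attribute: {name}")
    return problems

def build_sample(audience, acs, values):
    """Constructed, unsigned sample assertion (not real Okta output)."""
    items = "".join(f'<saml:Attribute Name="{n}" NameFormat="{URI_FORMAT}"><saml:AttributeValue>{v}'
                    f"</saml:AttributeValue></saml:Attribute>" for n, v in values.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation>'
            f"</saml:Subject><saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}"
            f"</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{items}</saml:AttributeStatement></saml:Assertion>")
```

An empty role value is reported separately from a missing attribute, which distinguishes a user with no userRole assigned in Okta from an attribute statement that was never configured.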