Incoming SAML 2.0 Single Sign-On with Okta

Absorb LMS supports Incoming SAML 2.0 Single Sign-On as a feature; however, we do not officially support any specific client-side (IdP) solution. Although Okta is known to generally work with our implementation of SAML SSO, it is the client's responsibility to configure/develop and maintain their side of the integration. This will require a client resource who is knowledgeable and familiar with your Okta instance. This guide is provided to our clients as a convenience only, based on our experience working with clients who employ Okta.

The main purpose of establishing a Single Sign-On (SSO) process with Absorb is to allow your Users a single point of entry into your system while providing them access to multiple other independent systems. With this process, a User logs in with a single ID to gain access to a multitude of other systems without being prompted for different usernames and passwords.

This article discusses configuration of SSO using Okta. For the purposes of this article, the Absorb system will act as the Service Provider (SP). Your Okta account will act as the Identity Provider (IdP).

Please note that SSO is an additional feature that usually involves an additional fee and technical resources on the client side to develop and/or configure the solution.

Okta Application Note

There is an Absorb LMS app listed on the Okta Integration Network. This app may work for SSO setup; however, it is not an official Absorb application and is not directly supported by Absorb.

 

Instructions: Okta Setup

Complete the following steps in Okta to create the SAML app, gather the required metadata, and identify the values you will use later when configuring SSO in Absorb.


 

  1. Log in to your Okta organization as a User with administrative privileges and click the Admin button.

    Okta Admin button.
     
  2. Click Applications.

    Okta Applications page.
     
  3. Click Add Application.

    Add Application button in Okta.
     
  4. Click Create New App.

    Create New App dialog in Okta.
     
  5. Leave the platform as Web and change the sign-on method to SAML 2.0.

    Okta Create New App dialog with Web and SAML 2.0 selected.
     
  6. Give your application a descriptive name and, optionally, upload a logo. Then click Next.

    Okta application name screen.
     
  7. Fill in the Single Sign-On URL with your Absorb ACS URL. Generally, this URL follows the format https://company.myabsorb.com/api/rest/v2/authentication/saml.

    Okta Single Sign-On URL field.
     
  8. Fill in the Audience URI with the Absorb URL you wish to use for SSO (for example, https://company.myabsorb.com or your custom domain name).

    Okta Audience URI field.
     
  9. Set the Application username field to the user profile field that Absorb should match (for example, Email). This is what Absorb will check to determine whether a User exists in the LMS.

    Okta Application username field.
     
  10. You can map other attributes for account provisioning (also known as just-in-time provisioning), but this is outside the scope of this guide. Click Next.

    An example provisioning setup is shown below. For full details, review our SSO Account Provisioning article.

    Okta attribute mapping example for provisioning.
     
  11. Select I'm an Okta customer adding an internal app. You may leave the rest of the fields blank, then click Finish.

    Okta internal app confirmation screen.
     
  12. Click the link to download the Identity Provider metadata.

    Okta Identity Provider metadata download link.
     
  13. Copy the value of the X509Certificate into your text editor of choice if you plan to enter the key manually in Absorb.

    X509Certificate value in Okta metadata.
     
  14. Remove any line breaks or white space in the encoded value, then set it aside for a later step if you will use manual key entry in Absorb.

    X509Certificate value with formatting removed.
     
  15. Find the URL listed as the SingleSignOnService Binding HTTP-POST. This is the value you will use as the Login URL if you choose Service Provider Initiated mode.

    SingleSignOnService Binding HTTP-POST value in Okta metadata.
     
  16. Click the General tab.

    General tab in Okta application settings.
     
  17. Make note of the Embed Link for use in a later step.

    Embed Link value in Okta application settings.
     
  18. Click the Assignments tab.

    Assignments tab in Okta application settings.
     
  19. Click Assign and assign the Users or Groups who you would like to have access to Absorb via your Okta SSO platform.

    Assign button in Okta application settings.

 

Instructions: Absorb Setup

Use the following steps to configure the Okta connection in Absorb. The supported configuration path is via Client Settings through the SSO card, where the setup is presented in a guided, wizard-style flow. The legacy Manage SSO Settings button in Portal Settings may still appear, but it redirects to the newer SSO experience. 

  1. Log in to the Absorb Admin Experience as a System Admin and navigate to Client Settings.

     

  2. Open the SSO card to begin a new configuration or manage an existing one.

     

    • If you navigate to Portal Settings and click Manage SSO Settings, Absorb redirects you to Client Settings so you can continue setup from the new SSO card.
  3. Click Add Configuration to create a new SSO configuration.


     

  4. In the Connection Type step, name the connection something descriptive. This name is only visible to Admins.
    • Leave the Method set to SAML.
  5. In the Configuration step, provide the key for the Okta connection. You can either paste the line break-free X509Certificate value you saved earlier into the Key field, or click Upload Certificate to upload a key file and let Absorb extract the key automatically.

     

  6. Select the Mode you will be using. This setting affects which Login URL you enter later in the setup.

    We recommend selecting Service Provider Initiated when possible. This has two key benefits:

    • LMS deep links will function as expected
    • SSO can be used to access the mobile app
  7. Set the Id Property to the user profile field in Absorb that your Okta Application username should match. For example, if you used Email in Okta, set this to Email Address in Absorb.
    • Leave Signature Type as Sha1.
  8. Enter the Login URL. This value depends on which mode you selected.
    • Service Provider Initiated mode: Use the URL listed as the SingleSignOnService Binding HTTP-POST from the Okta metadata in Step 15 above.
    • Identity Provider Initiated mode: Use the Embed Link from Step 17 above.
  9. Review the remaining configuration values as needed, then decide whether to enable Automatically Redirect.
    • This setting only displays when Identity Provider Initiated Mode is selected. When turned on, this redirects all Users who navigate directly to the selected Route or Routes to the Login URL. If it is not turned on, Users will land on the Portal landing page.
  10. In the Access step, assign which Routes in your Portal you would like to associate with this SSO configuration.

     

  11. Save your configuration.

     
Service Provider Initiated Note

When Service Provider Initiated Mode is selected, the Automatically Redirect setting is hidden. All unauthenticated users who navigate to the selected Route or Routes will be authenticated through SSO.

 

Key Upload Troubleshooting

If the uploaded key file does not populate the Key field as expected, try the upload again or enter the key manually in the new SSO settings interface.
