Setting up SSO with Intergraph Smart Cloud - Intergraph Smart Cloud - Help - Hexagon

To achieve SSO, a trust must be established between Okta and the Customer-specific Identity Provider. Okta then delegates authentication to the Customer-specific Identity Provider. Okta makes authorization decisions based only on the claims contained in the security token that the Customer-specific Identity Provider returns.

  1. Request SSO setup.

    The Customer submits an Estate request in Hexagon Smart Community to set up SSO for its users. This request can also be made during the initial Customer Onboarding process.

  2. Provide the federation parameters.

    After the Intergraph Smart Cloud team completes the review process for the request, the Customer must provide the following details:

    • Issuer Name (typically, a customer name, or shorter form of the customer name without spaces).

    • Sign In End Point.

    • Sign Out End Point.

    • Federation Protocol (OAuth - Preferred, SAML 2.0).

    • Claim Type that uniquely identifies the user in Customer-specific Identity System.

    • Customer Identity Provider Certificate.

  3. Whitelist the Okta URLs.

    The Intergraph Smart Cloud team provides the list of Okta URLs that must be whitelisted on the Customer-specific Identity Provider so that traffic can be sent between the two identity providers.

  4. Configure Okta as Relying Party (RP).

    The Intergraph Smart Cloud team must provide the following parameters to the Customer:

    • Relying Party Identifier (Audience URI)

    • Assertion Consumer Endpoint

    • Okta Certificate

    The Customer then configures the Okta Certificate in their Identity Provider for signing the security token (sent to Okta after authenticating the user), and then adds Okta as a Relying Party Trust in their Identity Provider.
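
The following is an added example, not part of the Hexagon documentation: a Python pre-submission check of the step 2 federation parameters that also computes a SHA-256 certificate fingerprint, so the certificates exchanged in steps 2 and 4 can be compared over a separate channel. The dictionary keys, the https-only rule for endpoints and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PROTOCOLS = {"OAuth", "SAML 2.0"}  # the two protocols listed in step 2
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem):
    """SHA-256 fingerprint of a PEM certificate, for out-of-band comparison."""
    match = PEM_RE.search(pem)
    if not match:
        raise ValueError("no PEM certificate block found")
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_federation_params(p):
    """Return a list of problems; an empty list means the set looks complete."""
    problems = []
    issuer = p.get("issuer_name", "")
    if not issuer or re.search(r"\s", issuer):
        problems.append("issuer_name: required, without spaces")
    for key in ("sign_in_endpoint", "sign_out_endpoint"):
        url = urlsplit(p.get(key, ""))
        if url.scheme != "https" or not url.hostname:  # assumption: TLS only
            problems.append(f"{key}: must be an absolute https:// URL")
    if p.get("protocol") not in PROTOCOLS:
        problems.append("protocol: must be OAuth or SAML 2.0")
    if not p.get("claim_type", "").strip():
        problems.append("claim_type: required")
    try:
        cert_fingerprint(p.get("idp_certificate", ""))
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        problems.append(f"idp_certificate: {exc}")
    return problems

SAMPLE_DER = b"constructed placeholder, not a real certificate"  # constructed sample
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")
SAMPLE = {  # constructed values, hypothetical key names
    "issuer_name": "ExampleCorp", "protocol": "OAuth",
    "sign_in_endpoint": "https://idp.example.com/sso/login",
    "sign_out_endpoint": "https://idp.example.com/sso/logout",
    "claim_type": "email", "idp_certificate": SAMPLE_PEM,
}

if __name__ == "__main__":
    print(check_federation_params(SAMPLE), cert_fingerprint(SAMPLE_PEM))
```

Both parties can read the fingerprint aloud or send it over a channel other than the one that carried the certificate file before the trust is configured.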