Vigiles SSO

If you have an existing Okta application configured for SSO with Linuxlink and wish to migrate it for use with https://vigiles.lynx.com, see the Migrating From Linuxlink SSO section for instructions.

Companies that use the Okta identity management system can use its SSO functionality to let team members log in to Vigiles with their Okta identity. Users who log in with SSO credentials will not be able to log in to Vigiles with their local credentials, but users without Okta can still access the site as they did previously. Lynx plans to add other IAM systems, such as Azure AD, to increase our ability to service our customers.

Configure Okta for Vigiles

Okta Application Setup

  • Okta Dashboard
    • Click "Applications" on the left-side menu and select "Applications" in the sub menu.
    • Click the "Create App Integration" button.

  • General Settings
    • Select SAML 2.0 for the sign in method and click Next
    • Name your Okta application anything you wish in the "App Field" input, then click Next

  • Configure SAML
    • Set your Single sign-on URL and Audience URI to the following:
      • Single Sign-on URL: https://vigiles.lynx.com/users/saml/acs
      • Audience URI (SP Entity ID): lynx-a3c9f2d84e6a1b0cd2f3e98c
    • Set the Name ID format to be Email Address
    • Add the following Claims to the Attribute Statement Settings, and click Next

  • Feedback
    • Finally, select the Checkbox "This is an internal app that we have created"

Assigning Users

  • After you finish creating the application, navigate to the "Assignments" tab
  • Click the "Assign" button and select "Assign to People"
  • From here you can assign anyone who is in your Okta directory to the Vigiles SSO Application.
    • You can create additional users by going to Directory >> People and clicking the "Add person" button, but these people must be registered in Vigiles first to log in via Okta

Important Notes

  • Copy the Metadata URL found in your application under the Sign On tab, in the SAML 2.0 section. This will be used to link Vigiles users with the Okta application.

Managing SSO Accounts

Organization Admins can use the SSO Manager to add and delete SSO accounts for all members of the organizations they administer. To open it, navigate to the "Organization Members" page on the Vigiles homepage and click the "Manage SSO Accounts" button in the "Current Members" section on the right side.

Metadata Form

At the top of the SSO Manager page is the Metadata URL form, where you enter your IAM system's metadata URL. The URL is checked for validity on submission, and it is only required when adding SSO accounts to members of an organization.

SSO Accounts Table

Here a user can view the current SSO accounts assigned to members of their organization. It can be sorted by Email and the Team that the SSO account is assigned to.

Adding SSO Accounts

Select the requested users, then click the "Add SSO account for Users" button. If a selected user already has an SSO account with that team and metadata URL, an error message is returned, but this does not prevent the creation of SSO accounts for the other users. Selecting the checkbox in the header selects all of the users of that team.

Deleting SSO accounts

To delete SSO accounts, select the users whose accounts you wish to delete and click the button for your preferred action. If a user does not have an SSO account, an error message is displayed, but this does not prevent the action from being applied to valid users.

Migrating From Linuxlink SSO

To migrate your existing Linuxlink SSO configuration to work with Vigiles, a few changes are required.
  • In Okta, navigate to your existing application that is being used in Linuxlink.
  • Select the "General" tab and click "Edit" in the "SAML Settings" section
  • Click "Next" to navigate to the "Configure SAML" section.
  • Set your Single sign-on URL and Audience URI to the following:
    • Single Sign-on URL: https://vigiles.lynx.com/users/saml/acs
    • Audience URI (SP Entity ID): lynx-a3c9f2d84e6a1b0cd2f3e98c
  • Scroll down to the "Attribute Statements" section and click "Add Another". Add "identity_provider" and set the value to "okta.com". The final section should look like this:

  • Click "Next" and then "Finish". Your Okta application should now be ready to use with Vigiles.