FCTR Identity Portal Setup Guide - OIN Integration

Prerequisites

  • Active Okta tenant and an account with super admin privileges
  • Install and configure two integrations from Okta Integration Network (OIN):
    • API service integration (provides client ID, secret and Domain)
    • SAML integration (provides SAML metadata)
  • A minimum of 2 user group names (preferably 3) to be a part of the SAML groups attribute

Note

  • Super admin privileges are only required during initial setup
  • You will need to save the integration credentials securely

FCTR - API Integration

  1. Log in to your Okta Admin Console
  2. Navigate to Applications → API Service Integrations → Add Integration and choose FCTR - API integration
  3. Click Install & Authorize
  4. Once authorization is complete, Okta will provide the information below, which you will need to copy and send to the FCTR team.
    1. Copy your client secret
    2. Copy your Okta Domain & Client ID
  5. Note the Client ID, Client secret and Okta domain details and keep them in a safe place.

FCTR - SAML Configuration

Creating SAML Integration

  1. Access Okta admin console with Super Administrator credentials
  2. Navigate to Applications > Browse App Catalog > Search for 'FCTR Identity Portal - SAML Integration'
  3. Click on the app tile and then the 'Add Integration' button to add the application
  4. On the next screen, enter your tenant name, which will be provided by the FCTR support team.
  5. You will be taken to the Assignments tab. Here, assign the users / groups that will access the application
  6. Now click on the Sign On tab and click on Edit
  7. In edit mode, make the 4 changes highlighted below:
    • Disable the Force authentication checkbox so you can enforce authentication
    • As mentioned prior, 3 groups need to be passed in the SAML assertion (details below)
    • Copy the metadata URL. This will need to be sent to the FCTR support team
    • Set the Application username format as desired by your organization

Group Details

Required Groups for FCTR identity portal

A minimum of three groups must be created in your Okta tenant for role-based access to the FCTR portal.

The three roles in FCTR are:

  • Super admin
  • HD admin
  • HD user

Group Attributes (options)

Attribute Name | Filter                                    | Okta Expression
groups         | Starts With - OR - contains (Recommended) | GROUP-Prefix
groups         | Matches regex (Not Recommended)           | .*
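
The difference between the two filter options, as an added example (not part of the FCTR guide or Okta's own code): the script reads the groups attribute from a constructed SAML AttributeStatement and lists any group released without the agreed prefix. The FCTR- prefix, the group names and the filter semantics modeled in apply_filter are assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: what the statement looks like with "Matches regex .*",
# where every group the user belongs to is released, not only the portal ones.
SAMPLE_STATEMENT = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="groups">
    <saml:AttributeValue>FCTR-SuperAdmin</saml:AttributeValue>
    <saml:AttributeValue>FCTR-HDUser</saml:AttributeValue>
    <saml:AttributeValue>Everyone</saml:AttributeValue>
    <saml:AttributeValue>Finance-Payroll</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def groups_in_statement(xml_text, attribute="groups"):
    """Return the values of the named SAML attribute, in document order."""
    # Intended for an assertion you captured from your own test login.
    root = ET.fromstring(xml_text)
    xpath = f".//saml:Attribute[@Name='{attribute}']/saml:AttributeValue"
    return [(v.text or "").strip() for v in root.findall(xpath, SAML_NS)]

def apply_filter(user_groups, mode, value):
    """Model the filter modes named in the table (assumed semantics)."""
    tests = {
        "starts_with": lambda g: g.startswith(value),
        "contains": lambda g: value in g,
        "regex": lambda g: re.fullmatch(value, g) is not None,
    }
    return [g for g in user_groups if tests[mode](g)]

def unexpected_groups(xml_text, prefix):
    """Groups released in the assertion that lack the agreed prefix."""
    return [g for g in groups_in_statement(xml_text) if not g.startswith(prefix)]

if __name__ == "__main__":
    memberships = groups_in_statement(SAMPLE_STATEMENT)
    print("regex .*    ->", apply_filter(memberships, "regex", ".*"))
    print("starts_with ->", apply_filter(memberships, "starts_with", "FCTR-"))
    print("over-shared ->", unexpected_groups(SAMPLE_STATEMENT, "FCTR-"))
```

An empty result from unexpected_groups on a real test assertion indicates the prefix filter is releasing only the portal groups.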

Send these details to FCTR support team

Required Information

The following items must be provided:

  • The Client secret
  • The Client ID
  • The Okta Domain
  • The SAML metadata URL
  • The 2-3 group names needed for authorization

Send this information securely via:

  • Secure email
  • Your organization's secure file share