Documentation

Single Sign-On with Okta

Single Sign-On with Okta requires several steps that are outlined here.

Supported Features

The Okta/QReserve SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

  1. In your Okta Admin Dashboard go to Applications->Applications->Browse App Catalog
  2. Search for QReserve then Add Integration
  3. Click "Done"
  4. Copy the metadata URL from the Sign On tab.
  5. Submit your SSO request and attach your metadata with this form.
  6. The QReserve Support team will process your request. After receiving a confirmation email, you can start assigning people to the application.
  7. In Okta select the Sign On tab for the QReserve SAML app, then click Edit.
    • Encryption Certificate: Save the following as encryption.crt then upload it to the app:
1-----BEGIN CERTIFICATE-----
2MIIFLjCCAxagAwIBAgIUQxLRmiTlbRbzQalkfFB71zT7uIQwDQYJKoZIhvcNAQEL
3BQAwHDEaMBgGA1UEAxMRc2FtbC5xcmVzZXJ2ZS5jb20wIBcNMjQwMjA1MTkxMTQ4
4WhgPMjEyNDAxMTIxOTExNDhaMBwxGjAYBgNVBAMTEXNhbWwucXJlc2VydmUuY29t
5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1BcW+AkcMCHQAyqi3kKa
6BFoGZn681KRrzUeO9PSI253lJJylueR/4KPQt0iv1kOriA6lypPToCc3GwortU5Y
7TKU7YZVkqbbgaopm+DoGaOAHzl9mYEg2QBMduQoihxGlD62zPpbspe70QVxRWc3W
8BQSGvBDDujEOP8ICd+Gm02iFZi/Zrshhb6NY0ABGIu2fzKU4jKNXidqsgKDcpJ7x
9fCj/ZnBwzQFziJ9CWTEW8kzE6/ybAmiTQjX4tMGT2h88+rbvBGK/3KWxWKi8/g+A
10tw/FXUSQEFBL04Pc27ncArPLbCAUjl8pSG9AiS//tVjGC8WTJW0r36xnUzuxiJPO
11NqfiI+67vpI3OCfTwMn3C/Vlg0Idy75MYVyFUpMGy2qFSI/NcnftUwIqwIKwodUC
12qyn05pNsxihpMeK0040hrevbVplnJcj9SjvUsM23W3qRhDej5O48FUiQAW3XlC/o
13Q0tEvl/50fUT+WI9NAyt2NvpPNDeBERzagquvSa587WAeD+fsFgsjqDmDoomB1tJ
14as+5bvHPJh/QSYTQBzZE7A72ZonSgv30/Su22dArQWEvb7mDD8X1zLvXz49ZBouP
15ANNjjM9yeKsu3Z3Ok0kg5qOr9pFSG8YjtafEmCbOuGIAAXNBI66m2ItKt871uWxF
167q7ZzekVvdOimU2x7iF9EAcCAwEAAaNmMGQwQwYDVR0RBDwwOoIRc2FtbC5xcmVz
17ZXJ2ZS5jb22GJWh0dHBzOi8vc2FtbC5xcmVzZXJ2ZS5jb20vc3NvL2NhbmFyaWUw
18HQYDVR0OBBYEFDCh9KLk12pbSNa3JDyQ3VXG0VUgMA0GCSqGSIb3DQEBCwUAA4IC
19AQDIOug/OXwahWjLzg7DouybLg/kAfQvkK4o5OX5QfFnnb743oanjrpS5lByfyz0
206A+zgtntm7A/uYvjKGd8wSHVit+hePbhbFPPR3VfDxAAcsjjzZWlljJH4m4ZdLcs
21rIaZsOS7il6GrVUrlbtuUnYruopS0XPm8uzJf8j5UH29sRKpU7m/b4CgDugUqEau
22ZKDSQaTXb7fRHURU3nJCkrRX886g1xsd31pZ89ZnZ7LOFv37CbVj0p7YGbvW/cPU
23tDlF78b0OZwh+cY3nHInm3oPHDXec48JdcFmUaoxQOQNgTv3JcbhgAUIab6Ogbbz
24UwmBgmE3ELyPG1YUWOFAVBoZCYBGVI1kVtBIJegK7qbjVynrf3LQylvcOxMzXkke
25cy5Sc2xd41NLY0eIcHU3fo0fzrkc2pPt+2x6uAtR63nEYVs88GIV8tDeFOIi9LVB
26SRd4OSwDbDcVjZBX4D25gXutTZj2ykvzeERDxQJdw/SlGkOTnzacYHdXuIZlygPh
27d/rTb7ikK8O2zPhEdNvVC8LfYkjH8/Gd+RsthwE9vVH9tEG9glHo47ip5JVYp26g
28ArhLycYjPUPvjjBgtX9JeKZXnZi3tEZ2l3GxUqb5ZxNCn6Hx0/SlG2op4eRO/DK1
29OgEzTy+Z6hd3fVUliP3oIhSt9mUAnpbFuJ8p9qZGYZrmMw==
30-----END CERTIFICATE-----
  • Click save
saml
  1. Upload provided Encryption certificate to Okta
  2. Done!

Supported SAML Attributes

The following SAML attributes are supported:

NameValue

urn:oid:0.9.2342.19200300.100.1.3

user.email

urn:oid:2.5.4.42

user.firstName

urn:oid:2.5.4.4

user.lastName

urn:oid:2.16.840.1.113730.3.1.241

user.displayName

urn:oid:2.5.4.3

user.nickName

SP-initiated SSO

  1. Go to https://my.qreserve.com/login
  2. Click Sign In With Partner.
  3. Search for your organization, then click Sign In.