
Okta


This document describes the steps required to activate SSO on your CodinGame account using the SAML protocol with Okta.

SSO can also be combined with User Provisioning through the SCIM protocol.

Prerequisites for activating SSO on your CodinGame account:

  • You must have admin rights for your CodinGame account.
  • You must have identified the proper person at your end who will be able to implement the required configuration changes on your Okta account, i.e. your system administrator.

Important considerations:

  • Account-wide failure to log in may occur for your users during the configuration process. If the configuration fails, the SSO activation on the account can be reversed at any time.
  • At any time, even when the SSO configuration is active, it is possible for an admin to log into the account using email and password credentials by using one of the following URLs:
  • You may want to test drive the integration on a test CodinGame account first. In that case, contact your account manager to set up this test account.

To activate the SSO configuration on your CodinGame account:

  1. Open a ticket with the CodinGame support team by sending a request to [email protected] asking for SSO activation and User Provisioning.
  2. The support team will send you back four URL parameters related to SSO:
    • SP Entity ID
    • SP Assertion Consumer URL
    • SP Metadata URL
    • SP Logout URL
  3. And two parameters related to user provisioning:
    • SCIM Base URL
    • SCIM Secret Token

You’ll then need to complete the following steps:

  1. Configure the integration
  2. Add user provisioning

Configuring the integration

1. Log on to the Okta Admin interface

Okta "My apps" tab on left nav selected and an arrow pointing to the "Admin" button.

2. In the menu select Applications > Applications:

The "Applications" item in the left nav is highlighted and there is an arrow pointing to the hamburger menu item next to the "okta" logo.

3. Select Create App Integration and then select SAML 2.0. Click Next to proceed:

Arrow pointing to the "create app integration" button in the top right of the window.
"Create a new app integration" page with the "SAML 2.0" option highlighted and selected.

4. Add these general settings:

  • Configure SAML:
    • Single sign on URL = SP Assertion Consumer URL (from the CodinGame support team)
    • Audience URI (SP Entity ID) = SP Entity ID (from the CodinGame support team)
    • Use this for Recipient URL and Destination URL = checked
    • Name ID format = Unspecified
    • Application username = Email
    • Add an attribute statement:
      • Name = User.Email
      • Value = user.email
  • Validate the last step

5. Configure CodinGame to work with Okta:

  • In the Sign On tab of the Application, click View Setup Instructions:
Codingame configuration screen with an arrow pointing to the "sign on" tab.
Sign on methods screen with an arrow pointing to the "view setup instructions" button.

6. Send back the following parameters to the CodinGame support team:

  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • X.509 Certificate (download as file)

9. Navigate to the Assignments tab. Select Assign > Assign to People or Assign to Groups, and add a test user who is also registered in CodinGame.

Codingame configuration screen with an arrow pointing to the "assignments" tab.

 

10. Contact CodinGame support to organize a go-live meeting between one of our engineers and your system admin. During the live video meeting, CodinGame will activate SSO on your account and you will check that a test user can connect through SSO. Any final adjustments can be made during this call.
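A check your system administrator can run on the test user's login during the go-live test, as an added example (not CodinGame's or Okta's code): it decodes the `SAMLResponse` form value captured from the browser's POST to the SP Assertion Consumer URL and compares it with the settings from step 4. The URLs and the sample response are constructed placeholders, and the script inspects the response only; it does not verify the XML signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
# Placeholders (assumptions): the real values come from the CodinGame support team.
ACS_URL = "https://sp.example.test/saml/acs"
ENTITY_ID = "https://sp.example.test/saml/metadata"

def check_saml_response(b64_response, acs_url, entity_id):
    """List mismatches between a captured SAMLResponse and the step 4 settings.
    Inspection aid only: it does not verify the XML signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []

    def expect(label, node, attr, wanted):
        # attr=None compares the element text instead of an attribute
        actual = None if node is None else (node.text if attr is None else node.get(attr))
        if actual != wanted:
            problems.append(f"{label}: expected {wanted!r}, got {actual!r}")

    name_id = root.find(".//a:Subject/a:NameID", NS)
    expect("Destination", root, "Destination", acs_url)
    expect("Recipient", root.find(".//a:SubjectConfirmationData", NS), "Recipient", acs_url)
    expect("Audience", root.find(".//a:AudienceRestriction/a:Audience", NS), None, entity_id)
    expect("NameID Format", name_id, "Format", UNSPECIFIED)
    email = root.find(".//a:Attribute[@Name='User.Email']/a:AttributeValue", NS)
    if email is None:
        problems.append("attribute User.Email is missing")
    elif name_id is not None and email.text != name_id.text:
        problems.append("User.Email differs from NameID")
    return problems

def build_sample(acs, audience, attr_name="User.Email"):
    """Constructed sample response (not real Okta output), base64-encoded like the form field."""
    s = "urn:oasis:names:tc:SAML:2.0:"
    xml = (f'<p:Response xmlns:p="{s}protocol" xmlns:a="{s}assertion" Destination="{acs}">'
           f'<a:Assertion><a:Subject><a:NameID Format="{UNSPECIFIED}">dev@example.test</a:NameID>'
           f'<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{acs}"/>'
           f'</a:SubjectConfirmation></a:Subject><a:Conditions><a:AudienceRestriction>'
           f'<a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>'
           f'<a:AttributeStatement><a:Attribute Name="{attr_name}">'
           f'<a:AttributeValue>dev@example.test</a:AttributeValue></a:Attribute>'
           f'</a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(build_sample(ACS_URL, ENTITY_ID), ACS_URL, ENTITY_ID))
    print(check_saml_response(build_sample(ACS_URL, "https://wrong.example.test"), ACS_URL, ENTITY_ID))
```

An empty list means the response matches the configured Single sign on URL, Audience URI, Name ID format and attribute statement; each entry otherwise names the setting to correct in Okta.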

Adding User Provisioning

Once SSO has been activated, User Provisioning can be turned on using the SCIM protocol:

1. In Okta, select the CodinGame application, then General > App Settings > Edit.

Codingame configuration screen with an arrow pointing to the "general" tab. The "edit" button in the top right of the app settings section is highlighted.

2. Then under Provisioning select SCIM and click Save.

In the provisioning section the "SCIM" option is selected and highlighted.

3. From the new Provisioning tab, click on Edit in the SCIM Connection section.

Codingame configuration screen with an arrow pointing to the "provisioning" tab. In the SCIM connection section the "edit" button is highlighted.

4. Enter the following configuration:

  • SCIM connector base URL = SCIM Base URL (from the CodinGame support team)
  • Unique identifier field for users = email
  • Supported provisioning actions = Select all the options
  • Authentication Mode = HTTP Header
  • Bearer Token (HTTP Header > Authorization > Bearer Token) = SCIM Secret Token (from the CodinGame support team)

The Test Connector Configuration action should be successful at this point.

5. Edit the provisioning. Navigate to Provisioning > Settings > To App and select Edit:

Codingame configuration screen with an arrow pointing to the "provisioning" tab. in the left nav the "to app" option is highlighted.

6. Check Create Users, Update User Attributes, Deactivate Users.

7. Click Save.

8. Go to the Push Groups tab of the App

Codingame configuration screen with an arrow pointing to the "Push groups" tab.

9. Click Push groups > Find groups by name

In the push groups dropdown menu there is an arrow pointing to the "find groups by name" option.

✅ It is recommended to select all groups assigned to the Okta App.

10. Click Save.

11. Send a final request to CodinGame support specifying the CodinGame permissions you want for each group attached to the Okta App. This can also be done during the live video meeting to speed up the process.

12. From now on, users added to your groups will be automatically created in CodinGame with the proper set of permissions.