Skip to main content

Integrating Arc XP with Okta

Okta is a widely used identity provider that offers single sign-on (SSO) services for organizations of all sizes. If your organization uses Okta for authentication, you can configure Arc XP as a SAML 2.0 application to allow users to log in without needing separate credentials for Arc XP.

Prerequisites

Before you begin, ensure you have the following:

  • an Okta account that your organization manages (not provided by Arc XP).

  • administrative access to your organization's Okta environment.

  • a list of groups to sync with Arc XP. (Groups are required to assign roles and privileges to users.)

Step 1: Define your groups

To integrate Okta with Arc XP, you must define user groups.

If you're unsure of all the groups you need, you can add more later. However, adding new groups requires contacting Arc XP to update the configuration. To minimize disruptions, finalize your list of groups as soon as possible.

Note

New groups do not sync automatically. To add new groups later, you must contact Arc XP Customer Support.

  1. Log in to the Okta Admin dashboard and navigate to Directory > Groups.

  2. Click Add Group.

  3. In the modal that appears, enter a name for the group, and click Add Group.

  4. Repeat as necessary to create all required groups.

All groups synced to Arc XP must have a common prefix or pattern. Arc XP recommends using the prefix Arc- (for example, Arc-Journalists, Arc-Editors, Arc-Administrators.)

If your organization operates multiple sites, consider including site identifiers in your group names. For example:

  • for the Mountain Village Gazette: Arc-MVG-Journalists, Arc-MVG-Editors, Arc-MVG-Administrators

  • for the Desert Town Times: Arc-DTT-Journalists, Arc-DTT-Editors, Arc-DTT-Administrators

Step 2: Create a SAML 2.0 application

Next, create a SAML 2.0 application to represent Arc XP in Okta. This application does not function until all steps in this guide are complete.

  1. In the Okta Admin dashboard, navigate to Applications > Applications.

  2. Click Create App Integration, select SAML 2.0, and click Next.

  3. Enter Arc XP as the App Name.

  4. Optionally, download and upload the Arc XP app logo.

  5. Click Next.

  6. On the next screen, enter the following values:

    • Single Sign-On URL - enter https://fix.me.later. You'll update this later.

    • Use this for Recipient and Destination URL - select this option.

    • Allow this app to request other SSO URLs - clear this option.

    • Audience URI (SP Entity ID) - enter https://fix.me.later. You'll update this later.

    • Default RelayState - enter https://fix.me.later. You'll update this later.

    • Name ID Format - choose EmailAddress.

    • Application Username - enter your Okta username.

    • Update Application Username - select Create and Update.

Attribute statements

Add the following attribute mappings:

Table 2. 

Name

Value

email

user.email

firstName

user.firstName

lastName

user.lastName

displayName

user.displayName



Group attribute statement

  1. Set the Name to groups.

  2. Select Starts With as the filter condition.

  3. Enter the prefix assigned to your groups, for example, Arc-.

On the final screen, select:

  • I'm an Okta customer adding an internal app.

  • This is an internal app that we have created.

Click Finish to complete the initial app setup.

Step 3: Send your metadata to Arc XP

After saving your SAML app, Okta displays a View Setup Instructions button. Click that button to retrieve the necessary SAML metadata.

Securely send the following details to Arc XP Customer Support:

  • Single Sign-On URL

  • Identity Issuer

  • x.509 Certificate

  • List of group names (case-sensitive) to sync with Arc XP

If you are unsure of how to securely transmit this information, consult with Arc XP Customer Support before proceeding.

Arc XP typically processes your request within a few days. Arc XP Customer Support notifies you when the setup is complete.

Step 4: Update the SAML app

When Arc XP completes its configuration, we provide you updated values for:

  • Arc XP Customer Support URL (used as the Single Sign-On URL)

  • Audience URI

  • RelayState URL

Replace the values you previously entered as https://fix.me.later with the new values.

  1. Navigate to Applications in Okta to open the Arc XP app.

  2. Click the General tab, scroll to SAML Settings, and click Edit.

  3. Click Next on the first screen.

  4. Update the fields with the values that Arc XP provided.

  5. Click Next, and then Finish.

Step 5: Assign the Arc XP app to users

For users to access Arc XP, assign the application to them:

  1. In Okta, go to the Arc XP application.

  2. Click Assignments > Assign > Assign to People.

  3. Find a test user and click Assign next to their name.

  4. Assign at least one of the Arc- groups to the user.

Step 6: Test the integration

  1. Open a private browsing window.

  2. Log in to Okta with the test account assigned to Arc XP.

  3. Locate and click the Arc XP tile in the Okta dashboard.

You should be redirected to Arc XP. Your displayName (or firstName and lastName) should appear in the top-right corner of the interface.

If everything works as expected, your integration is complete.

In this section: