Single Sign On (SSO) allows users to sign in once across multiple applications, sites and platforms.
Taxamo have created an integration with Okta, an identity provider for SSO. Taxamo acts as a service provider, storing the users from your merchant's account with Okta.
For more information about Okta, see https://www.okta.com.
This has the following benefits:
- Role assignments are done in Okta.
- Security is optimized because Taxamo (as the service provider) stores all the user information with Okta (the identity provider). This means that Taxamo cannot see your users' data.
- Single Logout (SLO) is also implemented. This allows users to log out from the identity provider (Okta) by logging out of the service provider (Taxamo).
Two types of login are possible after you complete the configuration:
- Service Provider (SP) initiated: This is when a user logs in using the Taxamo dashboard. This requires the Organization ID and a login through Okta.
- Identity Provider (IdP) initiated: This is when a user logs in using the Taxamo app in Okta.
To enable this feature for your merchant account, you need to sign up for it. To do so, contact the Taxamo sales team at [email protected] or your account manager.
After this has been done, complete the following steps to enable the feature:
- Log in to your Taxamo account.
- Click SETTINGS.
- Under Security Options, click Enable additional security options. The SSO SAML Configuration UI is displayed:
- If a configuration exists, you can save or delete it.
- To create a new configuration, click +Add configuration.
To configure the feature, complete the following steps:
- Create a new SSO configuration in Taxamo.
a. Log in to your Taxamo account.
b. Click SETTINGS.
c. Under Security Options, click SSO SAML Configuration.
d. To create a new configuration, click +Add configuration.
e. Complete the information for the sections outlined in the table:
Enter the ID that will be used for SP-initiated logins.
Enter the Taxamo data that is used by Okta.
Enter the Okta data here.
Set up Taxamo (service provider) in Okta (identity provider)
a. Go to https://developer.okta.com/ and register.
b. Log in to your Okta account.
c. Ensure that the Classic UI option is selected. You can check this in the top left-hand corner of the screen.
Create a new application.
a. Click Applications -> Add Application.
b. Click Create New App and enter the following details:
c. Click Create.
d. Enter the business name. For example, My Business.
e. To allow IdP-initiated logins, ensure that the following checkboxes are not selected and click Create:
- Do not display application icon to users
- Do not display application icon to users in the Okta mobile app.
- Complete the remaining fields.
a. Enter the following settings:
Single sign on URL: Specify the Assertion Consumer Service URL from your Taxamo configuration.
Audience URI (SP Entity ID): Specify the Entity ID from your Taxamo configuration.
Name ID format: Set this to one of the following:
Enter email as the user name.
b. Click Show Advanced Settings.
c. In the Assertion Encryption field, choose encrypted.
d. To load the encryption certificate, copy the Service Provider x509 certificate from your Taxamo configuration.
e. Complete the following settings:
Allow application to initiate Single Logout: Ensure that this checkbox is selected.
Single Logout URL: Enter the URL from your Taxamo configuration.
Specify the SP Entity ID from your Taxamo configuration.
f. Load the same certificate that you used for assertion encryption.
- Add the group attribute statements. This step is optional:
a. Enter the following information:
c. Click Next.
d. Choose I am an Okta customer adding an internal app and click Finish.
Set up Okta in Taxamo.
a. Click View Setup Instructions.
b. To copy the data to the Identity Provider configuration in Taxamo, copy and paste the certificates.
c. Specify an Organization ID. This value is used for signing in later on.
d. Save the configuration.
Assign the application to yourself.
a. Go to Directory -> People.
b. Click on your name and click Assign Applications.
c. Select the app and click Assign.
d. Click Save and Go Back.
Create a new group.
a. Go to Directory -> Groups.
b. Click Add Group.
c. Enter taxamo_developer in the Name field.
Assign yourself to the group.
a. Click the group name.
b. Click Manage People.
c. Click on your name and click Save.
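The values copied from Taxamo into the Okta app form in the steps above can be checked for drift before saving. The following is an added example, not Taxamo or Okta code: the dictionary keys, the `example.invalid` URLs and the certificate bytes are constructed placeholders, and certificates are compared by fingerprint so that differences in PEM headers or line wrapping from copy and paste do not matter.

```python
import base64
import hashlib
import re

def cert_fingerprint(pem: str) -> str:
    """SHA-256 over the decoded bytes, ignoring PEM armor and pasted whitespace."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", pem)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def check_okta_against_taxamo(sp: dict, okta: dict) -> list:
    """List every place where the Okta app form disagrees with the Taxamo values."""
    problems = []
    # Values copied from Taxamo into Okta; compared as exact strings.
    pairs = [("acs_url", "single_sign_on_url"),
             ("entity_id", "audience_uri"),
             ("slo_url", "single_logout_url"),
             ("entity_id", "logout_sp_entity_id")]
    for sp_key, okta_key in pairs:
        if sp[sp_key] != okta[okta_key]:
            problems.append(f"{okta_key} does not match Taxamo {sp_key}")
    if okta["assertion_encryption"].lower() != "encrypted":
        problems.append("assertion_encryption is not set to encrypted")
    if not okta["allow_single_logout"]:
        problems.append("Single Logout is not enabled")
    # The same SP certificate is loaded for assertion encryption and for logout.
    want = cert_fingerprint(sp["x509_cert"])
    for key in ("encryption_cert", "signature_cert"):
        if cert_fingerprint(okta[key]) != want:
            problems.append(f"{key} differs from the Taxamo SP certificate")
    return problems

# Constructed sample data: stand-in bytes, not a real X.509 certificate.
_B64 = base64.b64encode(b"constructed-sample-der-bytes-0001").decode()
SP = {
    "acs_url": "https://sp.example.invalid/saml/acs",
    "entity_id": "https://sp.example.invalid/saml/metadata",
    "slo_url": "https://sp.example.invalid/saml/slo",
    "x509_cert": f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----",
}
OKTA = {
    "single_sign_on_url": SP["acs_url"],
    "audience_uri": SP["entity_id"],
    "single_logout_url": SP["slo_url"],
    "logout_sp_entity_id": SP["entity_id"],
    "assertion_encryption": "Encrypted",
    "allow_single_logout": True,
    "encryption_cert": _B64[:20] + "\n" + _B64[20:] + "\n",  # re-wrapped paste
    "signature_cert": SP["x509_cert"],
}
```

An empty list from `check_okta_against_taxamo(SP, OKTA)` means the two sides agree; each entry otherwise names the Okta field to revisit.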
If you cannot view the SSO SAML configuration section in your account security settings, contact your Taxamo account manager to check that the settings are enabled.