To make it easy and secure for everyone in your organization to access MURAL, you might choose to implement SSO (single sign-on). SSO allows members to authenticate with MURAL using their company’s network credentials. SSO relies on connecting MURAL to an IdP (identity provider) to verify a collaborator’s identity. And since Okta is one of the most common IdPs, we offer a dedicated integration to help speed up configuration.
Note: This guide walks you through configuring a Service Provider-initiated flow. If you need to enable an IdP-initiated flow, reach out to email@example.com.
Install the MURAL Okta application
The first half of this configuration happens in Okta. So, install our Okta integration and follow the Okta-specific steps in Okta's instructions. Then, return to this article when you’re instructed to configure MURAL.
Upload Okta’s metadata
With Okta’s metadata in hand, you’re ready to configure the MURAL side of SSO. The first step is to upload that metadata on the SSO page of your company dashboard.
To upload Okta’s metadata into MURAL:
Click your name in the bottom left corner of the dashboard.
Select Company dashboard from the list of options.
Click SSO in the left sidebar.
Click Upload XML file.
Select the XML file downloaded from Okta.
Click Open. The Sign in URL and Sign in certificate fields auto-populate.
Select HTTP-POST as the Request binding type.
Select SHA256 as the Sign in algorithm type.
Add claim mapping
Now, you’re ready to add claim mapping. Claim mapping is like the final piece of the bridge you’re building between MURAL and Okta. Let’s say MURAL speaks one language and Okta speaks another. Claim mapping acts as the translator between them.
With claim mapping, you can take attributes from Okta and assign them to attributes within MURAL. For example, Okta refers to an individual’s first name as firstName. This is called the attribute’s name, and MURAL needs to know those names to find all the data it’s looking for.
To configure claim mapping in MURAL:
From the SSO page of the company dashboard, type email in the Email address field.
Note: The value from the email address claim is used as the unique identifier and email address of a member’s MURAL account. If you have existing members using MURAL, make sure the claim value matches the email of their existing MURAL account.
Type firstName in the First name field.
Type lastName in the Last name field.
Type externalId in the External ID field.
Test the SSO configuration
A successful simulated test of your SSO configuration is required before you can save it. You can do this right from the SSO page on your company dashboard.
To test your SSO configuration:
From the SSO page of the company dashboard, click Test single sign-on. The page redirects to Okta.
Type your Okta credentials, if requested. The page returns to MURAL.
Verify all attributes are mapped correctly in the sample fields shown.
Copy the SSO test link and share it with others to test the configuration from more browsers and devices.
Note: The SSO test link is valid for 60 minutes after you run your test.
Click Save single sign-on.
Click Yes when prompted.
Note: Once you save your SSO configuration, SSO will be enabled for all members. This does not interrupt existing sessions, but all members will be prompted to log in using SSO on their next session.
If your test is not successful, review your configuration in both MURAL and Okta. Then, run your test again. If you’re unable to fix the issue, reach out to firstname.lastname@example.org for assistance.