SAML Identity Provider Integration

Rokt uses Auth0 for user authentication. This guide details the steps to configure your Identity Provider (IdP) with Rokt's Auth0 tenant, acting as the Service Provider (SP).

1. Register Your IdP with Rokt

Provide your account manager with these details about your enterprise IdP:

  1. Identity Provider: Specify the IdP you are using (e.g., Okta, OneLogin, Ping Identity).

  2. Authentication Initiation Point: Choose SP-Initiated (strongly recommended) or IdP-Initiated.

    Note: Before selecting IdP-Initiated, please review the risks. In an IdP-Initiated flow the Service Provider receives a SAML response it did not request and cannot tie to a login it started, which is why SP-Initiated is the recommended option.

  3. Sign-in URL: The URL users are redirected to in order to authenticate with your IdP.

    • Example: https://mycompany.com/yourIdp/login
  4. Domain Names: List domains used for user authentication.

    • Example: "mycompany.com", "also-mycompany.net"
  5. Signing Requirements:

    • Request Signing Algorithm: Choose RSA-SHA256 (recommended) or RSA-SHA1
    • Digest Algorithm: Select RSA-SHA256 (recommended) or RSA-SHA1
  6. Your Signing Certificate: Include your signing certificate in PEM or CER format. Our Auth0 tenant will use it to verify your requests.

2. Configure Your IdP

Rokt will send you the following details for your IdP configuration:

  1. Single Sign-On URL: The URL to which your IdP redirects users, carrying the SAML response, after successful authentication.

    • Example: https://some-domain/some/path?v1=val1&v2=val2
  2. Request Verification:

    • Use the provided Certificate
    • Set Audience Restriction
      • Example: "urn:some:aud"

Include these attributes in your SAML Assertions:

  • email
  • name (Display Name)
  • given_name
  • family_name
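When you reach the test step, it helps to inspect a captured SAML response against the requirements listed above before asking Rokt to enable SSO. The following script is an added example, not Rokt's or Auth0's own code: it parses a constructed sample response (the audience "urn:some:aud" and the domain names are the placeholders from this page) and reports whether the signature and digest algorithms are the recommended SHA-256 variants rather than SHA-1, whether the audience restriction matches, whether the four required attributes are present, and whether the email attribute belongs to one of the configured domains. It only reads the declared algorithm identifiers; it does not verify the XML signature itself, which your IdP and Rokt's Auth0 tenant do with the exchanged certificates.

```python
# Added example: checks a SAML response against the integration requirements above.
# The XML below is a constructed sample, not a real Rokt/Auth0 message.
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Standard XML-DSig algorithm identifiers.
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
SHA1 = "http://www.w3.org/2000/09/xmldsig#sha1"

# Attributes this page requires in every assertion.
REQUIRED_ATTRIBUTES = {"email", "name", "given_name", "family_name"}

# Constructed sample response (signature value omitted; only algorithm identifiers matter here).
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <saml:Assertion>
    <ds:Signature>
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        </ds:Reference>
      </ds:SignedInfo>
    </ds:Signature>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>urn:some:aud</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jane@mycompany.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="name"><saml:AttributeValue>Jane Doe</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="given_name"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="family_name"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_assertion(xml_text, expected_audience, allowed_domains):
    """Return a list of findings; an empty list means the assertion meets the requirements above."""
    root = ET.fromstring(xml_text)
    findings = []
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no Assertion element in response"]

    # Signing requirements: RSA-SHA256 with a SHA-256 digest is the recommended choice.
    sig = assertion.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    digest = assertion.find("ds:Signature/ds:SignedInfo/ds:Reference/ds:DigestMethod", NS)
    if sig is None or digest is None:
        findings.append("assertion is not signed")
    else:
        if sig.get("Algorithm") != RSA_SHA256:
            findings.append(f"signature algorithm is {sig.get('Algorithm')}, expected RSA-SHA256")
        if digest.get("Algorithm") != SHA256:
            findings.append(f"digest algorithm is {digest.get('Algorithm')}, expected SHA-256")

    # Audience restriction must name the value Rokt provided.
    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        findings.append(f"audience {audiences} does not include {expected_audience}")

    # Required attributes must be present with non-empty values.
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        attrs[attr.get("Name")] = value.text if value is not None else None
    missing = REQUIRED_ATTRIBUTES - {k for k, v in attrs.items() if v}
    if missing:
        findings.append(f"missing attributes: {sorted(missing)}")

    # The email domain must be one of the domains registered with Rokt.
    email = attrs.get("email")
    if email and email.rsplit("@", 1)[-1].lower() not in allowed_domains:
        findings.append(f"email domain of {email} is not in the configured domain list")
    return findings


if __name__ == "__main__":
    domains = {"mycompany.com", "also-mycompany.net"}
    print(check_assertion(SAMPLE_RESPONSE, "urn:some:aud", domains))
```

Run it against a response captured from your own test login (for example, by decoding the SAMLResponse form field your IdP posts) and fix any finding on the IdP side before Rokt turns SSO on for all users; a SHA-1 finding in particular means the IdP's signing settings still need to be switched to the recommended SHA-256 options.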

3. Test Connections

Rokt will provide a custom URL to test authentication.

4. Enable SAML SSO for All Users

After successful testing, Rokt activates SAML SSO in our application. Users with an email from your configured domains will authenticate through your IdP.