- An Okta tenant.
- A user account in Okta with permission to configure SSO.
- Configure an Okta SSO directory in the Foxit Admin Console with verified domains.
Supported features
The Okta/[Foxit Admin Console] SAML integration currently supports the following features:
- Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to the application from Foxit.
- Identity Provider (IDP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when the user attempts to log in to Foxit from Okta.
- JIT (Just-In-Time) Provisioning
Configuration steps
1. Open Okta Admin panel or register an Okta account
Open your Okta Admin panel. (www.okta.com)
If you do not already have an Okta Admin account, you can create one.
2. Create an application
On your Okta Admin panel, go to Applications > Applications > Browse App Catalog
3. Enter "Foxit Admin Console" in the Search catalog of integrations field and select the app "Foxit Admin Console".
4. Click Add Integration.
5. Give the application a name (in this example, "Foxit Admin Console"). Click Done.
6. Fill in "Default Relay State" (in this example, "https://adminconsole.foxit.com")
7. Collect the SAML Information
Retrieve the following values from the Admin Console, under User ID Management > Directory Setting:
-
SP Assertion Consumer Service URL: The location where the SAML assertion is sent with an HTTP POST. This is referred to as the SP Assertion Consumer Service URL in Foxit Admin Console.
SP Entity ID: The application-defined unique identifier that is the intended audience of the SAML assertion. This is the SP Entity ID in Foxit Admin Console.
8. Fill in SP Assertion Consumer Service URL and SP Entity ID, then click Save.
- Fill in the SP Entity ID of the Admin Console into the SP Entity ID field of Okta
- Fill in the SP Assertion Consumer Service URL of the Admin Console into the into SP Assertion Consumer Service URL field of Okta
9. Supported Attributes
* The following SAML attributes are supported:
|
Name
|
Value
|
|---|---|
| user.email | |
| firstname | user.firstName |
| lastname | user.lastName |
10. SP-initiated SSO
Go to Foxit Admin Console Website: https://adminconsole.foxit.com/, and set the Okta settings in the Foxit Admin Console
Note the following information:
SignOn URL
Issuer
Signing Certificate
(Note: The values below are for illustration only. Note the actual values in your instance.)
Copy these three values and paste them into the Admin Console (Setting> Directory Settings):
- Fill in the value of "SignOn URL" from Okta into "Identity provider SSO URL" in the Foxit Admin Console
- Fill in the value of "Issuer" from Okta into "Identity provider Entity ID" in the Foxit Admin Console
- Fill in the value of "Signing Certificate" of Okta into "Public x509 certificate" in the Foxit Admin Console
Click Save Configuration at the end of the page.
Done!
Troubleshoot
If you encounter any issues or have any questions, please do not hesitate to reach out to submit a support ticket.
Q1. When the SSO of OKTA is set, can the old Foxit's old password be logged in?
Answer: After successfully configuring Okta SSO, when a user logs in to the Foxit application, Foxit will log in with the Okta account by default, and the original password will not be used.
Q2. Can multiple domains be selected in Okta?
Answer: Yes, multiple Domains can be added for one Okta SSO.
