SAML Configuration for Certify Me

Overview

AuthX integrates with Security Assertion Markup Language (SAML) to add two-factor authentication to Certify Me login. This SAML integration works for different web services.

System Requirements

AuthX Authentication for server operating systems.

Server

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Windows Server 2019

AuthX Factor Support

AuthX for SAML supports these factor types for 2FA:

  • Push

  • TOTP

  • Face

  • Pin

  • Phone SMS

  • Phone Call

  • Email

  • Fingerprint

  • RFID

  • Hardware Token

Configuration Steps on AuthX & Certify Me

Pre-Requisite

  1. Make sure you have an AuthX account; you can sign up at https://admin.authx.com/signup

  2. Make sure you have a Certify Me account; you can sign up at https://portal.certify.me/signup

    1. The email ID used for account creation should be an Active user (same email ID) in the AuthX portal, Certify Me portal & OKTA portal

AuthX Admin portal – Certify ME application creation steps

  1. Login to AuthX Admin portal.

  2. Navigate to the Applications tab

  3. Click Protect Application and select Protect for Certify Me

  4. Provide your inputs on the Application Name, Access Management Options, Institution ID, Entity ID, Cookies Expiry, Certificate

    1. Application name – Random characters allowed

    2. Access Management Options

      1. SSO with AuthX Identity

        1. Login using AuthX Registered Email address and password followed by the authentication factor enrolled for the user

      2. SSO with 3rd party Identity Provider

        1. Login using configured 3rd party SAML identity provider

      3. SSO with MFA for 3rd Party Identity Provider

        1. Login using configured 3rd party SAML identity provider followed by authentication factor enrolled for the user in AuthX

      4. Passwordless SSO with AuthX Identity

        1. Use any of the enrolled authentication factors in AuthX to access the application

    3. Institution ID

      1. Login to Certify Me portal

      2. Collect the Institution ID from the bottom left corner

    4. Entity ID & Certificate

      1. Login to Certify Me portal

      2. Navigate to Configuration → Select SAML

      3. Copy and paste the Signin URL & Signout URL from AuthX portal → Certify Me Application which was created above in Step 3

      4. Download the Certificate from AuthX portal → Certify Me Application which was created above in Step 3

        1. (or) In AuthX portal, navigate to Settings → Certificate Management to download the Certificate

      5. Set the status to Active and save the SAML configuration

      6. Now click on Download Service Provider Certificate

      7. Now redirect to AuthX portal → Certify Me application

      8. Upload the downloaded Service Provider Certificate here

      9. Now redirect to Certify Me portal and Download Metadata to Upload to AuthX

      10. Upload the file downloaded above in the AuthX portal → Certify Me application → Upload Metadata

      11. After upload, the Entity ID will be auto filled

      12. Make sure to remove the trailing zeros from the Institution ID

      13. Save the Certify Me application in AuthX portal

    5. Cookies Expiry

      1. Select any options listed here

        1. One time

          1. On every login, the user must provide the Username & Password

        2. 8 hours

          1. Every 8 hours, the user must provide the Username & Password at login

        3. One day

          1. Every 24 hours, the user must provide the Username & Password at login

        4. Max (7days)

          1. Once every 7 days, the user must provide the Username & Password at login

SAML as IDP – Certify me (SSO with AuthX Identity)

  1. Pre-requisite – Make sure you are logged out from AuthX Admin and Certify Me portal

  2. Login to AuthX User portal mentioned in Configuration Steps on AuthX & Certify Me → Pre-Requisite → Step 2 a

  3. Navigate to Applications → Auth Applications tab

  4. Launch the Certify Me application from here

  5. A new tab opens with the SAML login

  6. Login with the user portal credentials here (Mentioned in Launch the Certify me Application-> Step 2 a)

  7. Use any of the Auth factors to successfully login

  8. User redirected to Certify Me dashboard

SAML as SP – Certify me (SSO with AuthX Identity)

  1. Go to https://portal.certify.me/login

  2. Login with the Certify Me user (Mentioned in Configuration Steps on AuthX & Certify Me → Pre-Requisite)

  3. Redirects to SAML Login

  4. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Certify Me → Pre-Requisite → Step 2 a

  5. Use any of the Auth factors to successfully login

  6. User redirected to Certify Me dashboard

SAML as IDP – Certify me (SSO with 3rd party Identity Provider OKTA)

Application & Okta setup updates

Identity Provider creation

  1. Login to AuthX admin portal

  2. Navigate to Identity Provider

  3. Select Add Identity provider

  4. Fill in the mandatory details (Mentioned below in OKTA Identity Provider Setup Step 6)

  5. Set the application status to Active

  6. Save the application

OKTA Identity Provider setup

  1. Go to https://dev-74176585.okta.com/login/login.htm

  2. Login as an Okta Admin account

  3. Navigate to Applications and select Applications

  4. Select AuthX SAML

  5. Choose Sign On Tab and select View Setup Instructions

  6. Copy and paste the following details into the above-mentioned Identity provider creation → Step 4

    1. Identity Provider Single Signon URL

    2. Logout URL

    3. Identity provider Issuer

    4. Download Certificate

OKTA – AuthX Identity Provider Configuration

  1. After the Identity provider application is saved, go to Okta login and navigate to Applications

  2. Select Applications and select AuthX SAML

  3. Choose General Tab and edit the SAML Settings

  4. On the General Settings, click Next

  5. On the Configure SAML page, fill in these details from the AuthX Admin portal: “Single sign on URL, Single Logout URL, Audience URI (SP Entity ID), SP Issuer & Signature Certificate”. Follow the steps below:

    1. Login to AuthX Admin Portal → Identity Provider → Edit the OKTA application (which was created in Identity Provider creation → Step 4)

    2. Click on Download Metadata

    3. Open the downloaded metadata file in Notepad and copy and paste the Signin & Signout URL into the above-mentioned Configure SAML → Step 5

  6. Now go back to the Configure SAML step and paste the following details:

    1. Single Sign in URL

    2. Single Logout URL (Click Show Advanced Settings)

    3. Audience URI (SP Entity ID) and SP Issuer field – Update the respective AuthX company hostname

    4. Signature Certificate

      1. Go to AuthX Admin portal

      2. Navigate to Settings → Certificate Management

      3. Download the certificate & upload it here and click on Next

    5. Click Finish on the Feedback

    6. Logout from OKTA admin account
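
The metadata files exchanged in the steps above (Download Metadata from Certify Me for upload to AuthX, and Download Metadata from AuthX opened in Notepad for Okta) can be checked with a script before any value is pasted into a portal. The following is an added example, not AuthX or Certify Me tooling: the function name summarize_metadata, the sample hostnames and the placeholder certificate bytes are constructed, and it assumes a single EntityDescriptor per file.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: hypothetical SP metadata. The certificate value is
# placeholder bytes, not a real X.509 certificate.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Location="http://sp.example.test/saml/slo"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
    <md:AssertionConsumerService index="0" Location="https://sp.example.test/saml/acs"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def summarize_metadata(xml_text):
    """Return entityID, endpoints, SHA-256 cert fingerprints and warnings."""
    # SAML metadata never needs a DTD; refuse it to block entity-expansion input.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(xml_text)
    endpoints, warnings = [], []
    for tag in ("SingleSignOnService", "SingleLogoutService", "AssertionConsumerService"):
        for el in root.iterfind(f".//md:{tag}", NS):
            loc = el.get("Location", "")
            binding = el.get("Binding", "").rsplit(":", 1)[-1]
            endpoints.append((tag, binding, loc))
            if not loc.startswith("https://"):
                warnings.append(f"{tag} is not HTTPS: {loc}")
    fingerprints = []
    for cert in root.iterfind(".//ds:X509Certificate", NS):
        der = base64.b64decode("".join((cert.text or "").split()))
        fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        warnings.append("no certificate found in metadata")
    return {"entity_id": root.get("entityID"), "endpoints": endpoints,
            "cert_sha256": fingerprints, "warnings": warnings}

if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_METADATA))
```

Compare the reported fingerprint with the one shown for the certificate downloaded from Settings → Certificate Management, and treat any warning as a reason to stop before saving the configuration.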

Certify me application updates in AuthX admin portal

  1. Login to AuthX Admin portal and navigate to Applications

  2. Edit Certify Me application

  3. In the Access Management options, choose “SSO with 3rd party identity provider”

  4. Select the Gateway

  5. Save the application

  6. Logout from AuthX Admin portal

Launch Certify Me application as IDP

  1. Pre-requisite – Make sure you are logged out from AuthX Admin, Certify Me portal & Okta Admin account portal

  2. Now login to AuthX User portal with user credentials mentioned in Configuration Steps on AuthX & Certify Me → Pre-Requisite → Step 2 a

  3. After successful login, it redirects to Okta login

  4. Now input the OKTA user credentials and sign in

  5. Redirects to AuthX user Confirm Identity page

  6. Use any of the Auth factors to successfully login

  7. User redirected to AuthX user portal → Applications page

  8. Now go to Auth Applications tab and launch Certify Me application

  9. A new tab opens with the SAML login

  10. Login with the user portal credentials here (Mentioned in Launch the Certify me Application-> Step 2 a)

  11. Use any of the Auth factors to successfully login

  12. User redirected to Certify Me dashboard

SAML as SP – Certify me (SSO with 3rd party Identity Provider OKTA)

  1. Go to https://portal.certify.me/login

  2. Login with the Certify Me user (Mentioned in Configuration Steps on AuthX & Certify Me → Pre-Requisite)

  3. Redirects to Okta login

  4. Now input the OKTA user credentials and sign in

  5. Use the AuthX User portal credentials mentioned in Configuration Steps on AuthX & Certify Me → Pre-Requisite → Step 2 a

  6. User redirected to Certify Me dashboard

SAML as IDP & SP – Certify me (SSO with MFA for 3rd party Identity Provider OKTA)

  1. Follow the steps mentioned in https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2840887553/SAML+Configuration+for+Certify+Me#SAML-as-IDP—Certify-me-(SSO-with-3rd-party-Identity-Provider-OKTA) and https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2840887553/SAML+Configuration+for+Certify+Me#SAML-as-SP—Certify-me-(SSO-with-3rd-party-Identity-Provider-OKTA)

  2. On Certify Me login, after the user credentials are entered, it will additionally ask for AuthX Confirm Identity

SAML as IDP & SP – Passwordless SSO with AuthX Identity

  1. Follow the steps mentioned in https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2840887553/SAML+Configuration+for+Certify+Me#SAML-as-IDP—Certify-me-(SSO-with-AuthX-Identity) and https://certifyglobal.atlassian.net/wiki/spaces/AUTHX/pages/2840887553/SAML+Configuration+for+Certify+Me#SAML-as-SP—Certify-me-(SSO-with-AuthX-Identity)

  2. On Certify Me login, after the email address is entered, it will skip the Password option & redirect to the Certify Me dashboard
