# How to configure Single Sign On (SSO) for an Illumina Enterprise domain using Okta

Follow the steps below to configure the IDP (Okta) and SP (Illumina) for SSO on an Illumina Enterprise domain. Note that only an Okta Admin is able to perform the outlined steps below.

**Note**: Illumina supports **SP-initiated login only**. Users must sign in via an illumina.com URL (e.g., `https://{domain}.login.illumina.com` or `https://{domain}.basespace.illumina.com`).

1. From the Okta admin console, select the **Applications** tab and **Create App Integration**.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-adc610db0fb985acfe1e8069bed169211465cc64%2Fimage1.png?alt=media\&token=ab1bcb0d-2096-4b01-93e8-1308b3f81c6a)

2. Select **SAML 2.0** then select **Next**.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-a726ad9bc5f2af4567e8225bfeaa07f97a4d9cef%2Fimage2.png?alt=media\&token=34eff602-b6e3-4946-bd9f-eb123b2c4666)

3. Provide a name for the application and select **Next**. Here the application name is "PlatformAuth."

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-76fe7703768e37fe66bd0536322f7cb5b605aa3c%2Fimage3.png?alt=media)

4. Enter <https://login.illumina.com/saml-service/saml/SSO> in the **Single sign-on URL** field and <https://login.illumina.com/saml-service/saml/metadata> in the **Audience URI (SP Entity ID)** field.
5. Leave **Name ID Format** set to “Unspecified” and set **Application username** to “Email”.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-bcd7c315a56fb0323cec6fa103baa051376fbbfd%2Fimage4.png?alt=media)

6. Under **Attribute Statements** enter attributes for the email address, first name, and last name. The value provided under the **Name** column is what will be entered in the Illumina IAM Console (**Step 10**). Make sure the **Name format** is set to “URI Reference.”

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-4c5aba738d884a87bc3c4d70bcc5c025516ee091%2Fimage5.png?alt=media)

7. After saving the settings, select the link for **Identity Provider metadata** to download the Okta metadata XML file, which will be uploaded to the Illumina IAM Console.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-fcb6fff0ca26db9b252a29d4d0fa1f798c2e22af%2Fimage6.png?alt=media)

8. From the **Directory > Profile Editor** tab in Okta, select the application (here, “PlatformAuth”), then select the **+ Add attribute** button. Create 3 attributes, one each for Email, First name, and Last name.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-d0c3f79b3d4ac8c0e23a83fb1face750b2ba9339%2Fimage7.png?alt=media)

9. Select the **Mappings** button when all three attributes have been created and select the **Okta User to** tab. Make sure that user.firstName, user.lastName, and user.email map to the appropriate attribute created in **Step 8** and select **Save Mappings**.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-86f1a734b4044bbd8596a14970a9026161b08d41%2Fimage8.png?alt=media)

10. From the Illumina IAM Console, upload the Okta metadata XML file under **Select SAML configuration file** and enter the **Entity ID** value in the **IDP URL** field. This value can be found in the metadata XML file downloaded in **Step 7**.

* ![](https://761066130-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FGM9W2DuBTgEXv1ClCm8H%2Fuploads%2Fgit-blob-53af50f35d27e53c087c5e3e9d9b0cec17d6a5a8%2Fimage9.png?alt=media)

11. Enter the exact values used in the Name field for the **Attribute Statements** in **Step 6** into the appropriate fields on the **Authentication Configuration** page and select **Save**.
12. Once settings have been saved on both the IDP and SP ends, it will take some time for everything to sync on the Illumina side. Wait at least 15 min, and be aware that settings can sometimes take over an hour to sync.


*For any feedback or questions regarding this article (Illumina Knowledge Article #6210), contact Illumina Technical Support* [*techsupport@illumina.com*](mailto:techsupport@illumina.com?subject=Question%2FFeedback%20Regarding%20Illumina%20Knowledge%20Article%20#000006210%20-%20Software%20\&body=Dear%20Illumina%20Technical%20Support,%0D%0A%0D%0A)*.*
