How to set Okta SSO with Thru AFT
Hello customer,
Below are the two steps needed to get SSO configured for your Thru AFT instance.
Please note that SSO is a production change and all production changes are subjected to a five business day SLA once escalated.
There are two steps to this process
Create your SSO SAML Application within your identity provider.
Send us your SSO information once the application is completed so we may update your SSO information in our system.
Step 1
Log into your identity provider - Okta.
Create a new SAML Application.
Use the information below to complete the application setup.
General SAML Settings
Single Sign-on URL - https://regionURL/api/saml/AssertionConsumerService?code=”Customer Code”
Audience URI(Entity ID) - ThruRegion-”CustomerId”-”CustomerCode”
Name ID Format should be Email address.
Application username should be Custom and the custom rule should be as follows: substringBefore(user.email, “@”) + “-CustomerCode”
See the screenshot below for an example:

Attribute Statements
Add the following required attribute values, the order in which they are added does not matter.

Once these settings have been added click Next.
The last section can be ignored unless you want to give Okta feedback. Click Finish.
Step 2
The only item Thru will need to complete the SSO configuration is the XML or Metadata file.
Once the XML/Metadata file has been provided we will escalate this SSO request to our Devops team. Once the SSO configuration has been completed we will ask you to test the SSO application. If you experience issues authenticating via the SSO application we will schedule a meeting to troubleshoot.
Please let me know if you have any questions regarding the SSO steps provided above.