How to set up Okta (SAML) for Affinity access

Set up a custom application within Okta for authentication into Affinity. Follow these steps to get started:

1. Click on the Applications tab on the left sidebar, then click Create App Integration.
   
   
   
2. On the following pop-up, select SAML 2.0, then click Next.
   
   
   
3. Under the General Settings tab, fill out the App name. The App logo and App visibility fields can be filled out if you'd like. Then, click Next.
   
   
   
4. Under the Configure SAML tab, fill out the following fields:
   1. Single sign-on URL:

      https://subdomain.affinity.co/auth/sso/saml-callback

      Note: Please replace subdomain with your actual Affinity subdomain.
      
      
   2. Audience URI (SP Entity ID): affinity
      Note: This can be changed to an ID of your preference, however, if it is not "affinity", please provide us with your ID.
      
      
   3. Default RelayState: {"platform", "web"}
      Note: For an IDP-initiated setup, replace {"platform", "web"} with IDP-INITIATED-FLOW and let us know at support@affinity.co.
      
      
   4. Name ID Format: EmailAddress
      
      
      
5. Next, the Attribute Statements is not optional and must be filled out with the following below, since Affinity would need the user's email address to be returned.
   
   
   
6. Finally, click Next, then click Finish. This should automatically take you to the Sign On tab for your newly-created application.
7. Scroll down to SAML Signing Certificates section and please provide the URL for the Active cert (IdP Metadata). Here are the following fields we need to know to finish the setup:
   1. Audience URI (SP Entity ID)
   2. IdP metadata URL
   3. Optional: Default RelayState (only if it is IDP-initiated)