Option 1: Use Highway’s Published OIDC App
Supported Features
SP Initiated Auth Flow: SSO using OIDC, initiated from Highway's sign-in page.
Just in Time provisioning: Automates creating Highway user accounts, and granting access to them, through Okta.
Requirements
Administrative access to your Okta environment.
Configuration in Okta
First, you will need to add the integration to your company Okta environment.
Navigate to the Okta Integration Network catalog.
Click search and enter "Highway" or simply click here.
From the Highway integration page, click the blue "add integration" button.
Leave the default name for the application as "Highway" and continue.
You may be redirected to the "Assignments" tab of the newly added Highway application. From here, you can assign specific users or groups that may require access to Highway or enable it for your entire organization.
Configuration in Highway
To complete setup, you will need to work with a member of our implementations team to make sure this integration works as expected.
Go to the Sign-On tab of the Highway application within your Okta environment.
Note the values of the Client ID and Client Secret fields.
Note the URL of the OpenID Provider Metadata.
Email your Highway Sales Engineer with the subject "RE: Okta SSO for Highway" along with the following:
Once received, our team will configure the requested domains within Highway to communicate with Okta. After completion, you'll receive an email from a member of our team to confirm.
📘 Reminder...
After this has been configured, all logins will begin to utilize SSO with Okta. Highway will no longer send OTP authentication codes to your broker-users via email/text.
After Activation
The flow for logging in after successful setup will be as follows.
SP (Highway) Initiated:
Visit https://highway.com/broker/login and enter your email address just like normal.
For email addresses on a registered domain, you'll be redirected to Okta to log in with your company Okta credentials or logged right into Highway if there is an active Okta session within your browser.
Option 2: Create a Custom SAML Application
Setting up a new custom SAML application in Okta is a straightforward process that uses Okta's App Integration Wizard. Okta serves as the Identity Provider (IdP), and Highway is the Service Provider (SP).
Create a New App Integration
Log in to your Okta Admin Console.
In the left-hand navigation menu, go to Applications > Applications.
Click the Create App Integration button.
In the modal, select SAML 2.0 as the sign-in method, then click Next.
On the General Settings tab, provide a name for your application and optionally upload an application logo.
Click Next.
Configure SAML Settings
On the Configure SAML page, under the SAML Settings section, set the following values:
Variables | Value |
Single sign-on URL |
|
Audience URI |
|
Default RelayState | Leave blank |
Name ID format | Select |
Application username | Select |
Update application username on | Select |
Attribute Statements | Add mappings for |
Click Next, then Finish.
Provide IdP Metadata back to Highway
On the new application's Sign On tab, under the SAML 2.0 section, click View Setup Instructions.
Download the IdP metadata XML file.
Send the downloaded file to the Technical Sales Engineer at Highway.
Assign Users and Groups
Go to the application's Assignments tab.
Click the Assign dropdown and select either Assign to People or Assign to Groups.
Select the users or groups you want to grant access to and click Assign.
For individual users, you may need to confirm their username. Click Save and Go Back.
Additional resources from Okta
