Create app integration
From the Okta.com dashboard, create a new app integration
Select sign-in method SAML 2.0
Select SAML 2.0 as the sign-in method for the new app integration.
Choose a name for the app integration
Choose a name for the app integration so you can easily identify it. This app represents H5P.com, so this is the suggested name.
Provide placeholder values for step 2 for now
For step 2 of the configuration, we need to provide some placeholder values. This is because we need to proceed to the next step in order to obtain the Identity Provider Metadata XML URL that H5P.com requires in order to start the configuration.
For URL you can use https://<your-subdomain>.h5p.com, and for SP Entity ID use PLACEHOLDER. The actual values don't matter, as we will change them both in a later step.
Choose Name ID format and configure the email attribute statement
On the same step as before, choose "Persistent" for Name ID Format, and right below, add an attribute statement for the user's email. Okta allows you to set the attribute name, so set it to email. Make sure that the value used isuser.email.
Click Next to proceed to step 3 of the wizard (which is Okta asking for your Feedback) and then finish.
Obtaining the Identity Provider Metadata XML URL
After finishing the configuration using placeholder values, you should have been redirected to the "Sign On" tab. Scroll down to find the SAML Signing Certificates section, where you can click the "Actions" button to reveal a "View IdP Metadata" option.
Click this to open the metadata in a new tab. We now need to copy the complete URL to this metadata and use that to start the configuration for your organization on H5P.com.
When signed in to your H5P.com organization, navigate to Manage Organization > Settings > Single Sign-On (SAML).
Here, enter the IdP Metadata URL you just copied, and the attribute name we chose for the email attribute, which should be email if you followed the instructions.
Click the save settings button at the bottom of the page. When the settings are saved, reopen the Single Sign-On (SAML) panel and proceed to the next step in this guide.
Copy the reply URL and SP Entity ID to replace placeholder values used initially
We now have the real values that we need to enter into our Okta app integration SAML settings.
Update Okta.com app integration SAML settings
Enable SAML 2.0 login
Now we can enable SAML 2.0 login on the settings page of H5P.com. Remember to save settings after checking the option.
Assign Users, and test logging in
Users must be assigned to the app integration in Okta in order to perform Single Sign-On on H5P.com.
Assuming this is done, you are now ready to perform SAML login by visiting the root path of your organization's subdomain on H5P.com: https://<org-subdomain>.h5p.com/
You should now be automatically redirected to an Okta login page. Successful login should redirect you back to H5P.com.
As an H5P.com administrator, if you need to log in with your username and password, navigate directly to /login/introduce instead of /.