Below are the steps to configure the emsigner app in the Okta Application.

Step 1: Sign in to your Okta Account using the Email ID and Password.

Step 2: Click on the Admin tab present at the right side of the page at the top.

Step 3: You will be redirected to the Admin Dashboard. Click on ‘Applications’ present in the left tab under the ‘Applications’ Menu.

Step 4: Click on ‘Create App Integration’ on this Page.

Step 5: Select SAML 2.0 from the options available and click on ‘Next’.

Step 6: In this page Provide the App Name and add the App logo if needed to be displayed to the users and click on ‘Next’.

Step 7: In the ‘Configure SAML’ page, provide the relevant details. Click on ‘Next’ after providing the below details. The details marked in bold below have to be taken from the eMudhra team and they vary for the UAT and PROD environments.

• Single sign-on URL: Here the callback URL of the emSigner application needs to be provided. Example: https://{{***.emsigner.com}}/Areas/Login/LoginCallback

• Audience URI (SP Entity ID): emSigner.com

• Name ID format: Select EmailAddress from the dropdown menu.

• Application Username: Select Email from the dropdown menu.

• Response: To be selected as Signed from the dropdown menu.

• Assertion Signature: To be selected as Signed from the dropdown menu.

• Signature Algorithm: To be selected as RSA-SHA256 from the dropdown menu.

• Digest Algorithm: To be selected as SHA256 from the dropdown menu.

• Assertion Encryption: To be selected as Unencrypted from the dropdown menu.

• Signature Certificate: Upload the .cer certificate as per the environment (UAT Certificate or PROD Certificate).

• Enable Single Logout: Check this box.

• Single Logout URL: Here the logout URL of the emSigner application needs to be provided. Example: https://{{***.emsigner.com}}

• SP Issuer: emSigner.com

Step 8: Select the relevant option, in this case the first option and click on ‘Finish’.

Step 9: The user will be redirected to the Settings page of the App where the Metadata URL will be shown. This metadata URL has to be configured in the Identity Providers Settings in emSigner.