Okta


This guide will walk you through setting up Lytho's single sign-on using Okta. In addition to your setup in Okta, there are two action items you will need to send to inMotion Support so we can finalize the integration on our end.

This guide uses Okta's Classic UI. If you're using the Okta Developer Console, you can switch to the Classic UI using the dropdown in the upper left corner.


Creating the Lytho Integration in Okta

On the Okta Applications page, click Create New App.


On the Create a New Application Integration modal, assign your Platform as "Web" and your Sign on method as "SAML 2.0." Click Create.


Name the app, set up your App visibility, then click Next.

Since IdP Initiated Sign On is not a supported login flow, we recommend checking both "Do not display application icon to users" and "Do not display application icon in the Okta Mobile app" under App visibility.

SAML Settings


After you've named your app integration, you'll configure your SAML Settings. Use this numbered guide to determine what to enter into each settings field.

  1. Single sign on URL: https://inmotion.auth.us-east-1.amazoncognito.com/saml2/idpresponse
    1. Only check "Use this for Recipient URL and Destination URL"
  2. Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-east-1_SvA0fLf8R
  3. Default RelayState: Leave this field blank
  4. Name ID format: Select "Persistent"
  5. Application username: Select "Email"

    Under Attribute Statements, use "Basic" as the Name format, then assign these Names and corresponding Values:
  6. Email >> user.email
  7. LastName >> user.lastName
  8. FirstName >> user.firstName 

We recommend the above Names for steps 6-8, but you can choose whatever Names you'd like. Regardless of whether you use the above or something different, make a note of the exact Names you enter, because you'll need to send them to Lytho Support. Names are case-sensitive.
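
To confirm the settings took effect before you email Support, you can compare a decoded SAML response from a test login against the values above. The script below is an added example, not Lytho's or Okta's own code; it checks the fields only and does not verify the response signature. The function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# From the SAML Settings steps; the two URNs are the standard SAML 2.0 identifiers.
ACS_URL = "https://inmotion.auth.us-east-1.amazoncognito.com/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:us-east-1_SvA0fLf8R"
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
BASIC = "urn:oasis:names:tc:SAML:2.0:attrname-format:basic"
EXPECTED_NAMES = ("Email", "LastName", "FirstName")  # steps 6-8, or your own Names

def check_response(xml_text, expected_names=EXPECTED_NAMES):
    """List mismatches with the settings. Does NOT verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the single sign on URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient is not the single sign on URL")
    aud = root.find(".//saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != AUDIENCE:
        problems.append("Audience does not match the SP Entity ID")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not Persistent")
    attrs = {a.get("Name"): a for a in root.findall(".//saml:Attribute", NS)}
    for name in expected_names:
        if name not in attrs:
            near = [n for n in attrs if n and n.lower() == name.lower()]
            hint = f" (found {near[0]!r}; Names are case-sensitive)" if near else ""
            problems.append(f"missing attribute {name!r}{hint}")
        elif attrs[name].get("NameFormat") != BASIC:
            problems.append(f"attribute {name!r} does not use the Basic name format")
    return problems

def sample_response(names):
    """Constructed, unsigned sample for trying the checker; not real Okta output."""
    attrs = "".join(f'<saml:Attribute Name="{n}" NameFormat="{BASIC}"/>' for n in names)
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'Destination="{ACS_URL}"><saml:Assertion><saml:Subject>'
            f'<saml:NameID Format="{PERSISTENT}">constructed-id</saml:NameID>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/>'
            f'</saml:SubjectConfirmation></saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{AUDIENCE}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attrs}</saml:AttributeStatement></saml:Assertion></samlp:Response>')

if __name__ == "__main__":
    print(check_response(sample_response(["email", "LastName", "FirstName"])))
```

If you chose your own Names for steps 6-8, pass them as `expected_names` so the check matches what you send to Lytho Support.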

Completing the Integration

After you've entered the SAML settings, Okta will ask for your feedback. Complete this section by selecting "I'm an Okta customer adding an internal app" and "This is an internal app we have created." Click Finish to complete setup.

On the confirmation page for your new Lytho application, click "Identity Provider metadata" to get a URL of your metadata; make a note of the URL, as you'll need to send it to Lytho Support.

Assigning Users

To give users access to your new integration, click the Assignments tab, then Assign on the Lytho application page.

You can choose Assign to People if you'd like to assign individual users to inMotion, or Assign to Groups if you'd like to assign entire user groups.


Final Action Items - What we need from you

In order for the Lytho integration in Okta to be completed, you will need to send your Attribute Statements Names (steps 6-8 under "SAML Settings") and your "Identity Provider metadata" (the final step of "Completing the Integration") to Lytho Support. Email that information to us along with your Lytho account subdomain, and we'll help complete your setup! 

If your team's Lytho account URL is xyzcompany.ignite.inmotionnow.com, xyzcompany is your subdomain.
