This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.
The Okta/Retail Zipline SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Contact the Retail Zipline Support team at support@retailzipline.com and request that they enable SAML 2.0 for your account.
Include the following metadata URL with your request:
Sign into the Okta Admin dashboard to generate this value.
The Retail Zipline Support team will process your request. After receiving a confirmation email, you can start assigning people to the application.
The Retail Zipline application is pre-configured to pass the groups as part of the SAML assertion. In order to send user groups as part of the SAML assertion:
In OKTA, select the Sign On tab for the Retail Zipline app, then click Edit.
Select your preferred group filter from the member_of dropdown list (the Regex rule with the value ".*" in order to send *all* groups to the Retail Zipline instance we used in our example) for the attribute.
Click Save.
Done!
Make sure that you entered the correct Subdomain value under the General application tab in Okta. Using the wrong values will prevent you from authenticating via SAML to Retail Zipline.
The following SAML attributes are supported:
Okta sends the following default attributes as part of the SAML assertion:
| Name | Value |
|---|---|
| given_name | user.firstName |
| family_name | user.lastName |
| user.email | |
| employee_number | user.employeeNumber |
| member_of | This is configured in the app UI; see member_of attribute instructions above. |
In addition to the default attributes, Okta supports the following custom attributes:
| Name | Value |
|---|---|
| time_zone | appuser.time_zone |
| locale | appuser.locale |
| role | appuser.role |
| title | appuser.title |
| location | appuser.location |
| cost_center | appuser.cost_center |
| exempt | appuser.exempt |
| is_active | appuser.is_active |
| custom1 | appuser.custom1 |
| custom2 | appuser.custom2 |
| custom3 | appuser.custom3 |
| custom4 | appuser.custom4 |
| custom5 | appuser.custom5 |
Here is an example describing how to add and use the title attribute:
In Okta, navigate to Directory > Profile Editor.
Search for the Retail Zipline app, then click on Profile:
Click Add Attribute, then enter the following:
Display Name: Enter a preferred attribute name. In our example, we used Title.
Variable Name: title.
Important: In our example we are adding the title attribute. You must use the following variable names (case-sensitive) for the custom attributes: time_zone, locale, role, title, location, cost_center, exempt, is_active, custom1, custom2, custom3, custom4, and custom5.
Click Save.
Note: Scope (optional): If you check User personal, it means that the current attribute will be available once you assign the user to the Retail Zipline application and will not be available once you assign the group to the app.
Click Map Attributes:
Select the Okta to Retail Zipline tab.
Start typing the required attribute from the Okta Base User profile (or use the drop down list) and select the attributes you want to map.
In our example, we have selected the title attribute, then use the green arrows (Apply mapping on user create and update).
Click Save Mappings:
Click Apply updates now:
Okta will now pass the title attribute with the value of the title field from the Okta Base User Profile.
Open the following URL: https://[yourSubDomain].retailzipline.com/sso/saml.