This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
3732members
1219posts

Configure SSO with Okta

InvocaKnowledge
Community Manager
Community Manager

‎10-18-2023 09:28 AM - edited ‎10-26-2023 12:03 PM

Objective

Utilizing Okta to log into Invoca via SSO/SAML

Applies To

SSO SAML setup for companies that utilize Okta as their IdP

Procedure

Part 1 - Configure the Okta tile

  1. In the Admin Console, go to Applications > Applications.
  2. Click Create App Integration.Screenshot 2023-10-16 at 4.23.25 PM.png
  3. Select SAML 2.0 as the Sign-in method.Screenshot 2023-10-16 at 4.24.24 PM.png
  4. Click Next.
  5. Provide the general information for the integration and then click Next. Here is an Invoca icon that you can add to your app: logo.pngScreenshot 2023-10-16 at 4.26.45 PM.png
  6. Provide the necessary SAML settings information for your integration. Please note that your configuration might differ from this screenshot as the drop-down options are unique to your application. 
    1. If you encounter challenges while mapping the necessary parameters, such as phone numbers, it may be necessary to create a custom attribute and add this new attribute to the app. Please remember that the app should be fully created before you can proceed with mapping new custom attributes. For further guidance on how to create and map custom attributes in Okta, please refer to this article .
    2. saml settings.png
  7. Click Next.
  8. Provide configuration information about your app integration to Okta, then select Finish.

Part 2 - Enable SSO in Invoca

Follow the steps in our How to allow users in your Invoca network to log in via SAML Single Sign-On (SSO) help article. Please note that all the fields must be filled out before you can get the metadata.

Screenshot 2023-10-16 at 4.33.06 PM.png

If you are unsure how to locate your SHA-265 Fingerprint, this help article will walk you through the steps: ​​https://community.invoca.com/t5/how-to/how-to-find-your-sha-1-or-sha-256-fingerprint-for-your-sso/...
 

Part 3 - Configure the SSO settings in Okta

Once the tile is configured there are instructions on how to complete the SAML setup in Okta - Click on the button titled View SAML setup instructions, this will provide you with the necessary steps to enter Invoca's SAML endpoint(s), and metadata.

Screenshot 2023-10-16 at 4.34.23 PM.png

Part 4 - Test the Okta tile and Optional Cleanup

Testing best practices:

Once the SSO settings in Invoca have been completed and your Okta tile has SAML all setup, navigate to the Okta User Home page and test the tile. It's encouraged to create a Group in Okta and/or Group Rules for testing before inviting all users to the new SAML Invoca app. If you were able to sign Invoca successfully from Okta then you've completed this task. Congrats!

 

Optional Cleanup:

When enabling SSO for users, it's important to be aware that there will be two different authentication types for the same user.
Screenshot 2023-10-16 at 4.04.56 PM.png

If you decide to make SSO SAML requirements "mandatory for all users," we strongly recommend removing the 'Credentials' User to avoid locking out this account. Before removing the 'Credentials' User, be sure to add any saved Reports to the 'Single Sign On' User as these reports will not be transferred over automatically.

Screenshot 2023-10-16 at 4.05.09 PM.png

 

Help articles if you encounter a 403 error code:

 

 

Additional Information

A certified Okta Admin is required for this configuration.
0 Kudos
Need more help?

Don't see what you are looking for? You can ask the Community or contact support.

Copyright © 2024 Khoros, LLC