Single Sign-On (SSO) is an advanced feature available with the Enterprise plan only.

Configuring Okta Single Sign-On Integration

Okta is an identity and access management platform. Its Single Sign-On solution allows users to log into a variety of systems using one centralized process.

Configuring Okta

We are working on publishing application templates to the Okta catalog but until it is completed, you need to apply the next steps.

Log in to your Okta account and navigate to the Admin dashboard.



From the Shortcuts menu bar, click Add Applications. The Add Application window is displayed.



Click Create New App. The Create a New Application Integration dialog is displayed.



In the Sign on method field, select OIDC and click Create. The Create OIDC Integration window is displayed and opens at the General Settings tab.



Although Noticeable supports OIDC and SAML 2.0, we recommend using OIDC when possible. If you use SAML, similar steps apply.

In the Application name field, enter Noticeable. As Login redirect URIs, specify https://staging.auth.noticeable.io/__/auth/handler. Then, click Save. The general settings for the new application you have created are shown.

Locate the Client Credentials and General Settings boxes. Copy the value associated with the fields Client ID and Okta domain. We'll respectively refer to these values as your Okta Client ID and Okta domain when configuring your integration on the Noticeable dashboard just after.



In General Settings, click Edit.


For Allowed Grant Types, check the boxes Implicit (Hybrid) and Allow ID Token with implicit grant type. Validate the changes with the Save button at the bottom of the box.



Click on Assignments in the tab bar. Then, use the Assign dropdown button to add new people or group of people who will be allowed to connect to Noticeable via Okta.



Configuring Noticeable

At this stage, you should have an application dedicated to Noticeable configured on Okta. The integration with Noticeable works in 2 steps. First, you need to create a connection. Second, you have to link the company domain that users use in their email address to sign in.

Creating a connection

Open the Noticeable dashboard: https://staging.dashboard.noticeable.io

From the left menu, click on Integrations. A page that lists available integrations appears.

Locate the Single Sign-On integration and click on Configure. The configuration page is displayed.

Click the Add New button on the top right side, then Connection in the dropdown that appears. A form to configure a new connection is shown.

Enter a name in the first input field, for instance Okta.

As connection type select OIDC.

As Client ID, enter the Okta client ID value you copied while applying the Okta configuration steps.

The Issuer URL value to use should be your Okta domain with the prefix https:// prepended and the suffix /oauth2/default appended. For instance, if your Okta domain is acme.okta.com, then you should use https://acme.okta.com/oauth2/default.

Select what action to perform Upon Account Creation. By default, when a user from your organization signs in for the first time, an account is automatically created on Noticeable but the user is only assigned as a member of your Noticeable organization. No project access is given. The Upon Account Creation option allows giving access to existing projects to new users without having to send invitations manually for each project under your organization.



Click Create. Your connection is created!

Noticeable supports multiple connections so that if you need to switch between 2 Identity Providers, you can do it without any interruptions.

Creating and linking a domain

The last configuration consists in linking your company domain (the one used by users to sign-in) with the connection created in the previous section.

Click the Add New button on the top right side, then Domain in the dropdown that appears. A dialog to link a new domain is shown.
In the Domain name field, enter your company domain, for example acme.com. The domain to specify is the domain users will use in their email address in order to sign-in.
In the Link with connection dropdown, select the connection to link this domain with. If you followed the steps, the connection should be named Okta.



Click Link. A new dialog appears. It asks to setup a TXT DNS record to prove that you own the domain.



Complete the DNS configuration and click Verify.
That's it. Your domain is verified and linked. You can use SSO to sign-in to Noticeable 🎉

Configuring SCIM provisioning with Okta

Noticeable supports basic SCIM 2.0 provisioning operations, namely user deactivation and reactivation. Other operations are not implemented at all.

Getting your SCIM authorization value

Open the Noticeable dashboard: https://staging.dashboard.noticeable.io

From the left menu, click on Integrations. A page that lists available integrations appears.

Locate the Single Sign-On integration and click on Configure. The configuration page is displayed.

On the configuration page, click SCIM Provisioning. This opens a dialog that displays your SCIM authorization value. Copy this value. It will be used in the following to configure Okta.



Configuring Okta

Until the Noticeable integration is published in the OIN catalog, you need to configure a separate Application on Okta.

Log in to your Okta account and navigate to the Admin dashboard.



From the Shortcuts menu bar, click Add Applications. The Add Application window is displayed.



Click Create New App. The Create a New Application Integration dialog is displayed.



In the Search field, type SCIM and select SCIM 2.0 Test App (Header Auth).



As Application label, enter Noticeable SCIM. Check the options Do not display application icon to users and Do not display application icon in the Okta Mobile App. Click Done.

You should see the Assignments tab for the app you have just created. Assign people or group of people who will use the app.

Click the Provisioning tab option and tap on Configure API Integration.

Check the option Enable API Integration, then as Base URL use https://staging.scim.noticeable.io/v2. As API Token, enter the SCIM authorization value you copied previously from the Noticeable dashboard.

Click Test API Credentials, then Save. You get access to the provisioning configuration options.

Click Edit, check Enable for the option Deactivate Users and Save.



Congratulations! user deactivation and reactivation is enabled. If you unassign or deactivate a user account on Okta, the existing account on Noticeable is disabled: the user can no longer sign-in to Noticeable. Upon reactivation in Okta, the account on Noticeable is re-enabled and the user can sign-in again.
Was this article helpful?
Cancel
Thank you!