How to Configure Okta Single Sign-On with SAML?
Configuring Okta Single Sign-On with SAML
Okta is an identity and access management platform. Its SSO solution allows users to log into a variety of systems using one centralized process. This configuration guide explains how to link Noticeable with Okta for Single Sign-On using SAML.
Service Provider-initiated login - We do not support IdP-initiated login for now.
Just-in-Time account creation - Provision new Noticeable accounts for team members without existing access, upon their first SSO sign-in.
Automatic project and role assignment upon account creation - Configure whether new Noticeable accounts get access to existing projects and what role they should be assigned.
You need to upgrade to our Enterprise plan to enable Single Sign-On.
Log in to your Okta account and navigate to the Admin dashboard.
From the Applications menu on the left, select Applications.
The Applications page is displayed. Click on the button Add Application:
The Okta catalog is displayed. In the Search field, enter Noticeable and click on the corresponding entry that appears in the dropdown list.
At this stage you should see the Noticeable app page description with supported capabilities. Click on the Add button.
General settings for the Noticeable app are displayed. Use the default application label or enter a custom one. For Application visibility, we suggest checking the options Do not display application icon to users and Do not display application icon in the Okta Mobile app since Noticeable supports SP-initiated login only. Then, click Next.
The Sign-On Options appear. Select SAML 2.0 as the sign-on method and click Done:
The configured Noticeable application opens on the Assignments tab. Use the Assign dropdown button to add the people or groups of people who will be allowed to connect to Noticeable via Okta.
Select Sign On in the app menu bar and click View Setup Instructions to access the information you will need to complete the configuration on Noticeable. We refer to this information below as Okta Setup Instructions.
At this stage, you should have an application dedicated to Noticeable configured on Okta. The integration with Noticeable works in 2 steps. First, you need to create a connection. Second, you have to link the company domain that users use in their email address to sign in.
Creating a connection
Open the Noticeable dashboard.
From the left menu, click on Integrations. A page that lists available integrations appears.
Locate the Single Sign-On integration and click on Configure. The configuration page is displayed.
Click the Add New button on the top right side, then Connection in the dropdown that appears. A form to configure a new connection is shown.
Enter a name in the first input field, for instance Okta.
As Connection Type, select SAML.
As Entity ID, enter the Okta Identity Provider Issuer value you get from Okta Setup Instructions.
As SSO URL, enter the Okta Identity Provider Single Sign-On URL value you get from Okta Setup Instructions.
As Certificate, enter the Okta X.509 Certificate value you get from Okta Setup Instructions.
Select what action to perform Upon Account Creation. By default, when a user from your organization signs in for the first time, an account is automatically created on Noticeable but the user is only assigned as a member of your Noticeable organization. No project access is given. The Upon Account Creation option allows giving access to existing projects to new users without having to send invitations manually for each project under your organization.
Click Create. Your connection is created!
Noticeable supports multiple connections so that if you need to switch between 2 Identity Providers, you can do it without any interruptions.
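A pre-flight check for the three values entered in the connection form above (Entity ID, SSO URL, Certificate), added here as an example; it is not code from Noticeable or Okta. The function names and the sample values are hypothetical and constructed, and the sample certificate is a dummy DER structure rather than a real X.509 certificate. It flags a non-HTTPS SSO URL and a truncated or mis-pasted certificate, and returns a SHA-256 fingerprint of the certificate bytes.

```python
import base64
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_from_pem(pem: str) -> bytes:
    """Decode one PEM block; require a single complete DER SEQUENCE (tag 0x30)."""
    m = PEM_RE.search(pem)
    if not m:
        raise ValueError("missing BEGIN/END CERTIFICATE markers")
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
    except ValueError as exc:  # binascii.Error subclasses ValueError
        raise ValueError(f"body is not valid base64 ({exc})") from exc
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:  # short form: the byte is the length
        header, body_len = 2, der[1]
    else:  # long form: low 7 bits give the number of length bytes
        n = der[1] & 0x7F
        header, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body_len != len(der):
        raise ValueError("DER length mismatch: truncated or extra bytes")
    return der

def check_connection(entity_id: str, sso_url: str, certificate_pem: str) -> dict:
    problems = []
    if not entity_id or entity_id != entity_id.strip():
        problems.append("Entity ID: empty or padded with whitespace")
    url = urlparse(sso_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("SSO URL: must be an absolute https:// URL")
    fingerprint = None
    try:
        fingerprint = hashlib.sha256(der_from_pem(certificate_pem)).hexdigest()
    except ValueError as exc:
        problems.append(f"Certificate: {exc}")
    return {"ok": not problems, "problems": problems, "sha256": fingerprint}

# Constructed sample values: no real tenant, and a dummy 260-byte DER SEQUENCE.
SAMPLE_ISSUER = "http://idp.example.com/constructed-issuer"
SAMPLE_SSO_URL = "https://idp.example.com/app/constructed/sso/saml"
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{base64.encodebytes(SAMPLE_DER).decode()}-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(check_connection(SAMPLE_ISSUER, SAMPLE_SSO_URL, SAMPLE_PEM))
```

With a real certificate, the returned sha256 value can be compared against the output of `openssl x509 -noout -fingerprint -sha256` run on the certificate obtained from Okta (OpenSSL prints the same digest in uppercase with colons).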
Creating and linking a domain
The last configuration step consists of linking your company domain (the one users sign in with) to the connection created in the previous section.
Click the Add New button on the top right side, then Domain in the dropdown that appears. A dialog to link a new domain is shown.
In the Domain name field, enter your company domain, for example acme.com. The domain to specify is the one users have in the email address they sign in with.
In the Link with connection dropdown, select the connection to link this domain with. If you followed the steps, the connection should be named Okta.
Click Link. A new dialog appears. It asks you to set up a TXT DNS record to prove that you own the domain.
Complete the DNS configuration and click Verify.
That's it. Your domain is verified and linked. You can use SSO to sign in to Noticeable 🎉
Read our SCIM configuration guide if you need to support deactivation/reactivation.
Updated on: 05/06/2021