Configure SAML 2.0 single sign-on (SSO) in Okta
As a Creovai Admin user, you can configure SAML 2.0 single sign-on (SSO) using the Okta identity provider.
What we'll cover:
Configuring Okta IdP for SAML 2.0 SSO
- Add Creovai as a new SAML 2.0 Web application
- Create a SAML integration
- Provide the IdP metadata to Creovai
- Configure SAML SSO for a specific IdP
Getting started: In the SAML SSO configuration example in this article, Creovai is the service provider and Okta is the identity provider (IdP). The majority of SAML 2.0 compliant identity providers require the same information about the service provider for setup.
Before you begin:
Before you can configure SAML 2.0 SSO in Okta, you'll need:
- to be an Administrator of your organization’s Creovai users so you can activate users and test the integration.
- an Okta account with Administrator privileges.
Configuring Okta IdP for SAML 2.0 SSO
This section shows you how to configure the identity provider, Okta, to enable SAML single sign-on in Creovai.
Within Okta, you’ll first add Creovai as a new SAML 2.0 Web application. Then you’ll set up a SAML integration and provide the IdP metadata to Creovai.
Add Creovai as a new SAML 2.0 Web application
To begin, you’ll need to sign in to your existing Okta identity provider account using your administrative rights.
Select Applications from the main menu.
On the Applications page, select the Add Application button.
Within the Add Applications page, select the Create New App button.
You’ll see a Create a new Application Integration pop-up, where you’ll choose Web as the platform.
Choose SAML 2.0 as the sign-on method.
Then select Create.
Create a SAML integration
On the Create SAML integration page under the General Settings tab, you’ll give your App a name and description and upload an optional logo.
a) For the App name, use Creovai.
b) Optional: Download this Creovai logo image to use as the App image.
c) Select Next to configure SAML.
On the Configure SAML tab under the General SAML Settings section, enter https://mycompanyname.tethr.com/AuthServices/Acs as your single sign-on URL.
Then enter https://mycompanyname.tethr.com/AuthServices as your Audience URI (SP Entity ID).
Under the Attribute Statements section:
a) Enter user.id as the Name.
b) Enter user.login as the first Value.
Proceed through to complete the setup process. When you reach the Sign On tab, under Settings in the Sign On Methods section you’ll see a note to View Setup Instructions.
Select View Setup Instructions.
Copy all contents within the Provide the following IDP metadata to your SP provider field, and send this metadata to your Creovai Integrations Specialist.
Provide the IdP metadata to Creovai
To complete SAML SSO configuration for your organization, you'll need to provide Creovai the identity provider (IdP) SAML metadata file you created above, which helps Creovai understand how to communicate with Okta and how to request user authentication.
Forcing SSO by specific email domain
We recommend that organizations working with Creovai enforce the use of SSO. To enforce SSO in your organization, provide your Creovai Integrations Specialist with a list of the email domains on which you’d like SSO enforced.
Creovai account activation and sign in experience
When a Creovai user needs to be activated and they’re using SSO, they should use the Sign in with Okta button rather than selecting the Activate account button.
If you’ve enabled SSO in your organization, your users’ login page will include a Sign in with Okta option.
Configure SAML SSO for a specific IdP
- Configure SAML 2.0 single sign-on (SSO) in OneLogin
- Guide to SAML 2.0 single sign-on (SSO) settings for your team
