Integrating Authomize into Okta with SSO
This document describes how to integrate Authomize into Okta’s Single Sign-On (SSO) function.
Single sign-on (SSO) allows seamless authentication for end users. When enabled, cloud services (including Authomize) use your identity provider to authenticate user identity and roles on your enterprise directory.
In other words, once a user has signed into Okta, they can launch any other integrated-with-Okta application without needing to sign in again (as long as they have an account on that application).
Okta integration workflow
Integration
As shown above, integrating Authomize with Okta has six distinct stages:
- Integrating Authomize into Okta.
- Setting up Authomize for SAML 2.0.
- Checking that Authomize was integrated into Okta.
- Assigning Employees to the Authomize App on Okta.
Setting up Authomize for SSO
- Log into Authomize.
- Go to Settings > SSO and fill in the form:
  - Click to Enable SSO
  - Enter a Title
  - Enter email domains (separated by commas)
  - Identity provider’s SSO URL (automatically provided by your IdP)
  - Certificate (will be provided later by your IdP)
- Keep this page open in a browser, as you will need to copy and paste the Single sign on URL and Audience URI fields (from the bottom of the SSO Settings page) into Okta’s integration page.
Integrating Authomize into Okta
- Log into Okta and go to the Applications page:
- Click the Create App Integration button.
- In the Create a new app integration page, select SAML 2.0 and click Next.
- In the ❶ General Settings of the Create SAML Integration page, supply an App Name and a logo.
- Load Authomize’s logo (to easily identify the Authomize integration on Okta). Then click Apply.
- When you see the logo on the Create SAML Integration page, click Next.
- This opens the ❷ Configure SAML tab in the Create SAML Integration.
- Copy the Single sign on URL from Authomize’s SSO Settings dialog to the Single sign on URL field in the SAML Settings.
- Copy the Audience URI from Authomize’s SSO Settings dialog to the Audience URI field in the SAML Settings.
- Select Email for the Application username field and then click Next.
- In the Help Okta Support dialog, select I’m an Okta customer, and for App type click the This is an Internal App box and then click Finish.
- In the Authomize page on Okta, click the View SAML setup instructions button.
- The setup instructions look like this:
Authomize SSO Settings
- In Authomize, go to Settings > SSO.
- Confirm that Enable SSO is enabled and email domains are listed.
- Copy the Identity Provider Single Sign-on URL from the SAML Setup Instructions page to the Identity Provider SSO URL field in the Authomize SSO Settings page.
- Copy the X.509 Certificate from the SAML Setup Instructions page to the Public x509 certificate field in the Authomize SSO Settings page.
- Click Save Configuration.
Note: Authomize can only integrate with one SSO at a time.
Checking that Authomize was integrated into Okta
Check Okta Applications to confirm that Authomize was integrated.
You can click on Authomize SOC2 to see more details.
If you go to the Assignments tab you will see a list of employees with Authomize access privileges.
Note: There is no automatic update of Authomize users on Okta.
The section below describes how to assign Authomize users on Okta.
Assigning Employees to the Authomize App on Okta
If your company uses Okta for SSO, you can assume that all employees are already registered on Okta. If your company just integrated Authomize, you can also assume that Authomize users have not yet been assigned on Okta as Authomize app users.
Employees who are not Authomize admins or A.R. reviewers may try to launch Authomize, but they will not be granted access by Authomize. To avoid such awkward situations, it’s best to mark all employees that use Authomize as Authomize app users on Okta. This way, non-Authomize users will not see Authomize from the SSO.
- To do this go to the Okta > Directory > People page and click on an Authomize user.
- Click Assign Authomize to the user.
- When the Assign Applications dialog opens, click Save and Go Back.
- When the employee page opens, you will see that the employee is an Authomize user.
Testing the Integration
- Go to Authomize and log in with the new user’s credentials.
- If the SSO is working, it will appear as a login option. Click it.
- Enter your credentials in Okta’s login dialog.
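If the test login fails, a decoded SAML response (for example, one captured with a browser SAML tracing extension) can be compared against the values entered above. The following is an added example, not Authomize or Okta code: the function name, URLs and sample response are constructed placeholders, and it assumes Okta uses the Single sign on URL for both Recipient and Destination.

```python
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed sample with placeholder values, not real Authomize or Okta endpoints.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example.com/sso/acs">
  <saml:Issuer>https://idp.example.com/issuer</saml:Issuer>
  <saml:Assertion>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">alice@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://sp.example.com/sso/acs"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.com/sso/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, sso_url, audience_uri, email_domains):
    """Return a list of mismatches between a decoded SAML response and the SP settings."""
    # Diagnostic only: this does not verify the XML signature against the X.509 certificate.
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != sso_url:
        problems.append("Destination does not match the Single sign on URL")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != sso_url for r in recipients):
        problems.append("Recipient does not match the Single sign on URL")
    audiences = [e.text.strip() for e in root.iterfind(".//saml:Audience", NS) if e.text]
    if audience_uri not in audiences:
        problems.append("Audience does not match the Audience URI")
    name_id = root.findtext(".//saml:NameID", default="", namespaces=NS).strip()
    domain = name_id.rpartition("@")[2].lower() if "@" in name_id else ""
    allowed = {d.strip().lower() for d in email_domains.split(",") if d.strip()}
    if domain not in allowed:
        problems.append("NameID is not an email address in a configured domain")
    return problems
```

An empty list means the response agrees with the Single sign on URL, Audience URI and email domains; each returned string names the setting to recheck in Okta or Authomize.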