Enable SSO with Okta

Andre Larsen

Set up SSO integration with Okta and configure settings to allow users to access EveryoneSocial by authenticating with Okta.

🔸 Okta requires that a user have an administrator role to integrate SSO.

🔹 This is available on the Enterprise and Unlimited User plans.

Create a new app integration

We support SAML 2.0 and OIDC for sign-on methods.

Integrate with SAML

Use the following values to integrate with Okta’s SAML 2.0. Enter each value in its respective field in Okta.

  • Single Sign on URL: https://YOUR_SUBDOMAIN.everyonesocial.app/sso
    🔸 Update YOUR_SUBDOMAIN to the custom subdomain applied to your company’s Workspace.
    🔹 “Use this for Recipient URL and Destination URL” should not be selected.
  • Recipient URL: https://auth.everyonesocial-prod.com/saml2/idpresponse
  • Destination URL: https://auth.everyonesocial-prod.com/saml2/idpresponse
  • Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-east-1_Njik3uRLR
  • Name ID format: Select “EmailAddress.”
  • Application username: Select “Email.”
  • Update application username on: Select “Create and update.”

Here is an example of how to configure SAML 2.0.

okta SAML example configuration.png

Enter the following Attribute Statements.

okta attribute statements example.png

Click Next, then click Finish when all is entered.

Additional SAML attribute mappings

EveryoneSocial can map additional attributes to populate during the onboarding process, including users' full name, department, and location.

Please tell us which attributes need to be mapped so that we can ensure they exist in EveryoneSocial and match the ones in your system.

Below is an example of what this may look like in Okta.

okta additional saml attributions example.png

Test the SAML integration

Once the steps above are complete, we will need to add the “Identity Provider metadata” to complete the integration.

Locate and download the Identity Provider metadata.

okta idp metadata download example.png

Send this to EveryoneSocial Support. Once received, we will integrate the metadata and arrange a call to test the SSO integration before going live.
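During the test call, a decoded SAML response from Okta can be compared against the values listed under "Integrate with SAML" with a check like the following. This is an added example, not EveryoneSocial or Okta code; the function name, the `example` subdomain and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Expected values, copied from the SAML settings on this page.
ACS = "https://auth.everyonesocial-prod.com/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:us-east-1_Njik3uRLR"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample response (unsigned, trimmed); {url} fills Destination and Recipient.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{url}">
 <a:Assertion><a:Subject>
   <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{url}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>urn:amazon:cognito:sp:us-east-1_Njik3uRLR</a:Audience>
  </a:AudienceRestriction></a:Conditions>
 </a:Assertion></p:Response>"""


def check_saml_response(xml_text):
    """Return a list of mismatches against the page's values (empty = all match).
    Checks configuration values only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS:
        problems.append("Destination URL: %r" % root.get("Destination"))
    scd = root.find(".//a:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != ACS:
        problems.append("Recipient URL: %r" % recipient)
    audiences = [e.text.strip() for e in root.findall(".//a:Audience", NS) if e.text]
    if AUDIENCE not in audiences:
        problems.append("Audience URI: %r" % audiences)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EmailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email: %r" % name_id.text)
    return problems


if __name__ == "__main__":
    # Destination/Recipient equal to the Single Sign on URL, as when
    # "Use this for Recipient URL and Destination URL" is left selected.
    for p in check_saml_response(SAMPLE.format(url="https://example.everyonesocial.app/sso")):
        print("MISMATCH", p)
```

An empty result means the Destination, Recipient, Audience and Name ID settings match this page; it says nothing about whether the response signature is valid.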

Assign access with user provisioning

At this point, you can set up Just-In-Time (JIT) provisioning within Okta to determine which users have access to EveryoneSocial. (This can also be filtered on our end if JIT provisioning is disabled.)

You can also set up SCIM provisioning within Okta. You'll need EveryoneSocial's details on SCIM provisioning.

Integrate with OIDC

Use the following steps to integrate with Okta’s OpenID Connect (OIDC). Select OIDC and Web Application to get started.

okta OIDA integration example.png

Enter the following information in the respective fields in Okta. Default values are acceptable if nothing has been specified.

okta OIDC configuration entry example.png

Click Next, then click Finish when all is entered.

Test the OIDC integration

Once these steps are complete, we will need the following information to complete the integration.

  • Client ID
  • Client Secret
  • Okta ID

Okta OIDC information to complete integration.png

Send this to EveryoneSocial Support. Once received, we will integrate the metadata and arrange a call to test the SSO integration before going live.

Resources

Here is a downloadable file of the EveryoneSocial icon if you want to use it to represent the integration.
