Setting up SSO on Okta

These instructions are for reference only. When implementing a SAML integration, consider company-specific security policies and best practices. These instructions cover the configuration of SAML on the IdP's side and contain IdP-specific details. 

This article details how to set up an application on Okta for an SSO setup with Haiilo.

Important: SSO Pre-Configuration Steps. If you are planning to allow users to self-select their own groups during onboarding, you must configure the "Can users self-register" and "Email domains" settings in Invitations & Registrations for each group before activating SSO. These settings remain active and govern which groups users can self-select during the onboarding process, even with SSO enabled. If you're using SCIM, you can ignore these settings.

1. Download the metadata from Haiilo

Only a Company Admin can set up Single Sign-On on Haiilo.

  1. On your Haiilo platform, go to Administration > Settings > Single Sign-On.
  2. Select Download metadata file.

2. Set up an application on Okta

You need admin rights in your Okta account to create an application.

Create the application

  1. Log in to the Okta Platform.
  2. Go to Applications > Applications > Create App Integration.
  3. Choose SAML 2.0 as the Sign-in method.
  4. Select Next.
  5. Give your app a name, e.g., Haiilo, and upload a logo.
  6. Select Next.
  7. In the SAML Settings window, you need to configure the following fields. The information to input can be found in the metadata file downloaded from your Haiilo Advocacy platform. If there are additional fields in Okta that aren't mentioned here, you do not need to fill them out.
    • Single Sign-on URL: Enter the Location value from the metadata file. Check the option for "Use this for Recipient URL and Destination URL."
    • Audience URI (SP Entity ID): Enter the entityID value from the metadata file.
    • Attribute Statements: Enter these values exactly as displayed below.

      Name           Name format    Value
      EmailAddress   Unspecified    user.email
      FirstName      Unspecified    user.firstName
      LastName       Unspecified    user.lastName
  8. Select Next.
  9. The Feedback section is not relevant. Select Finish.

Assign users to the application

To ensure that your users can log in to Haiilo using SSO, they must be assigned to the application in Okta. You can assign all users during the setup process or at a later time closer to your launch date. However, during setup, you must assign at least one Company Admin who will complete the SSO setup in Haiilo.

  1. Go to the Assignments tab.
  2. Select Assign.
  3. Select the people or groups that you want to assign to the application.
  4. Select Done.

Download the metadata

  1. Go to the Sign On tab.
  2. Copy the Metadata URL.
  3. Open a new browser tab and paste the copied metadata URL to view the file.
  4. Download the file to your computer by selecting Save in your browser (Ctrl + S or Cmd + S). It should be saved as an .xml file.

3. Finalize the SSO setup on Haiilo

  1. Go back to Haiilo > Administration > Settings > Single Sign-On.
  2. Upload the metadata you downloaded from Okta by selecting Upload metadata file.
  3. Then, select Test the configuration. You will be directed to test the login. If the login flow works and you can access Haiilo, the configuration has been successful.
    • If you receive an error from Haiilo, please see the "I get an "Oops" error with SAML SSO. Why?" article.
    • If you receive an error from your identity provider, please ensure your account has been assigned to the application and you are allowed to access it.
  4. If everything works as expected, enable SAML by toggling the Enable SAML switcher.

 
