Okta - Configuring Single Sign-On Authentication

Learn how to configure Single Sign-On using SAML protocol in Okta to authenticate users to your Staffbase platform.

Employee App
Front Door Intranet

In this article, you will learn how to set up using the protocol in Okta. SSO is an authentication method that allows users access to multiple applications with a single account. This will allow you to onboard your users using SSO and let them access the Staffbase platform using the same credentials they use to access other platforms in your organization.

SSO is optional for user management. You can choose an option based on your business requirements. Learn more about other options.

  • You have access to the Okta Admin Console.
  • You need to be able to add/manage applications in Okta.
    The administrator adding an app integration must be a super admin for the Okta organisation. After the app integration is added to the Okta organisation, app admins can configure and assign the app integration to the appropriate users and groups. Read more on Standard administrator roles and permissions here.

For creating an app integration in Okta, you need to receive the following:

  • Single sign on URL: The Reply URL directs Okta where to send its SAML Response after authenticating a user.
  • Audience URI (SP Entity ID): The Identifier acts as a unique identifier for your Staffbase platform domain in Okta.

You need to create an App Integration in Okta to set up SSO.

Staffbase recommends creating a dedicated application to maintain users for your Staffbase platform. If you want to configure SCIM for user provisioning, you are able to use a single app integration for both SSO and SCIM for your user management.

  1. In the Okta Dashboard / Admin Console, go to Applications > Application.
  1. Click Create App Integration.
  1. Select SAML 2.0 and click Next.
  1. Provide a name for the application in the General Settings. For example, Staffbase SSO or something similar to help you instantly identify the application.
  1. On the next screen, you need to specify the required SAML settings.
  • Single sign on URL: The URL you received from Staffbase for SSO.
  • Audience URI (SP Entity ID): The URI you received from Staffbase.
  • Application username: Select what to set as an identifier within Staffbase.

The Application username (Name ID) value and the identifier in your Staffbase platform must match for each user using SSO.

If you want to use a different value from the one already in place for your users in your Staffbase platform, you will need to update the user identifiers in your Staffbase platform first. In such a case, ensure that all future user management also includes these new identifiers.

  • Attribute Statements (optional): Click Add Another and add the following attributes:

** For Staffbase this is NOT optional. This is where you set the mapping for the profile fields from Okta to Staffbase.

  1. Select an option to indicate if you’re configuring for your organization or a customer, and click Finish.
  1. Under Metadata details, click Copy for the Metadata URL and save it for later.

Provide the following information to Staffbase:

  • Metadata URL

You can copy the Metadata URL in step 8 of the Creating an App Integration section.

After creating the app integration, you can decide on which Okta users need access to the Staffbase platform using SSO.

Staffbase recommends adding a few users initially to test that everything works as expected.

  1. In the app integration you created, click Assignments.

The Assignments tab opens.

  1. Search for the user or group you want to add and click Assign.
    You have assigned users or groups to the app integration.

After you have provided Staffbase Support with the Metadata URL, you will be informed when SSO was added to your Staffbase instance and is ready for testing.

After testing the SSO authentication works as expected, you can add all users and/or groups in Okta to the app integration.

You have configured and enable SSO for your Staffbase platform.