Learn how to configure Single Sign-On (SSO) using the SAML protocol in Okta to authenticate users to your Staffbase platform.
In this article, you will learn how to set up SSO using the SAML protocol in Okta. SSO is an authentication method that gives users access to multiple applications with a single account. This allows you to onboard your users using SSO and lets them access the Staffbase platform with the same credentials they use for other platforms in your organization.
SSO is optional for user management. You can choose an option based on your business requirements. Learn more about other options.
- You have access to the Okta Admin Console.
- You need to be able to add/manage applications in Okta.
The administrator adding an app integration must be a super admin for the Okta organisation. After the app integration is added to the Okta organisation, app admins can configure and assign the app integration to the appropriate users and groups. Read more on Standard administrator roles and permissions here.
To create an app integration in Okta, you need to receive the following:
- Single sign on URL: The Reply URL tells Okta where to send its SAML Response after authenticating a user.
- Audience URI (SP Entity ID): The Identifier acts as a unique identifier for your Staffbase platform domain in Okta.
You need to create an App Integration in Okta to set up SSO.
Staffbase recommends creating a dedicated application to maintain users for your Staffbase platform. If you want to configure SCIM for user provisioning, you can use a single app integration for both SSO and SCIM for your user management.
- In the Okta Dashboard / Admin Console, go to Applications > Application.
- Click Create App Integration.
- Select SAML 2.0 and click Next.
- Provide a name for the application in the General Settings. For example, Staffbase SSO or something similar to help you instantly identify the application.
- On the next screen, you need to specify the required SAML settings.
- Single sign on URL: The URL you received from Staffbase for SSO.
- Audience URI (SP Entity ID): The URI you received from Staffbase.
- Application username: Select what to set as an identifier within Staffbase.
The Application username (Name ID) value and the identifier in your Staffbase platform must match for each user using SSO.
If you want to use a different value from the one already in place for your users in your Staffbase platform, you will need to update the user identifiers in your Staffbase platform first. In such a case, ensure that all future user management also includes these new identifiers.
- Attribute Statements (optional): Click Add Another and add the following attributes:
For Staffbase, this is NOT optional. This is where you set the mapping for the profile fields from Okta to Staffbase.
  - Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    - Name format: URI Reference
    - Value: user.email
  - Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname
    - Name format: URI Reference
    - Value: user.firstName
  - Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname
    - Name format: URI Reference
    - Value: user.lastName
- Select an option to indicate if you're configuring for your organization or a customer, and click Finish.
- Under Metadata details, click Copy for the Metadata URL and save it for later.
Provide the following information to Staffbase:
- Metadata URL
You can copy the Metadata URL in step 8 of the Creating an App Integration section.
After creating the app integration, you can decide on which Okta users need access to the Staffbase platform using SSO.
Staffbase recommends adding a few users initially to test that everything works as expected.
- In the app integration you created, click Assignments.
The Assignments tab opens.
- Search for the user or group you want to add and click Assign.
You have assigned users or groups to the app integration.
After you have provided Staffbase Support with the Metadata URL, you will be informed once SSO has been added to your Staffbase instance and is ready for testing.
After testing that SSO authentication works as expected, you can add all users and/or groups in Okta to the app integration.
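While testing, the SAML settings configured above can be checked against a decoded assertion captured from a test login. The following is an added example, not Staffbase or Okta code: it verifies the Audience, the Name ID and the three attribute statements with their URI name format. The audience value, the function names and the sample assertion are constructed placeholders, and the check covers content only, not the XML signature.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML_NS}
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"  # "URI Reference" in Okta
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = {CLAIMS + n for n in ("emailaddress", "givenname", "surname")}
AUDIENCE = "https://sp.example.invalid/entity"  # placeholder for the Audience URI from Staffbase

def check_assertion(xml_text, expected_audience):
    """Return a list of configuration problems (content only, no signature check)."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"audience mismatch: {audiences}")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("missing NameID")
    seen = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    for name in sorted(REQUIRED):
        attr = seen.get(name)
        if attr is None:
            problems.append(f"missing attribute: {name}")
            continue
        if attr.get("NameFormat") != URI_FORMAT:
            problems.append(f"wrong NameFormat for {name}")
        value = attr.find("saml:AttributeValue", NS)
        if value is None or not (value.text or "").strip():
            problems.append(f"empty value for {name}")
    return problems

def sample(attrs, audience):
    """Build a constructed, unsigned assertion from (claim, name_format, value) tuples."""
    body = "".join(
        f'<saml:Attribute Name="{CLAIMS}{n}" NameFormat="{fmt}">'
        f"<saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>"
        for n, fmt, v in attrs)
    return (f'<saml:Assertion xmlns:saml="{SAML_NS}"><saml:Subject>'
            f"<saml:NameID>jane.doe@example.com</saml:NameID></saml:Subject>"
            f"<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}"
            f"</saml:Audience></saml:AudienceRestriction></saml:Conditions>"
            f"<saml:AttributeStatement>{body}</saml:AttributeStatement></saml:Assertion>")

if __name__ == "__main__":
    ok = sample([("emailaddress", URI_FORMAT, "jane.doe@example.com"),
                 ("givenname", URI_FORMAT, "Jane"), ("surname", URI_FORMAT, "Doe")], AUDIENCE)
    print(check_assertion(ok, AUDIENCE))
```

An empty list means the assertion carries the expected audience, a Name ID and all three mapped profile fields.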
You have configured and enabled SSO for your Staffbase platform.