Step-by-step guide on how to set up SSO with Okta.
1. Go to https://www.okta.com/start-with-okta/ and select “Okta for Developers”, which is located on the right side of the page.
2. You will be forwarded to a new page where you will need to fill in the required details in order to proceed.
You can use the same name you selected for your Humanity account. This is how we filled the information out:
3. Once you submit the information you will be sent to a new page on Okta, and shortly after you will receive an activation e-mail from Okta. For example, in the screenshot below our Okta org subdomain is dev-184614. Yours will be different and will be shown both in the e-mail and on the Okta page shown below.
4. Get your username (which is your e-mail) and your temporary password (it expires 7 days after you receive it) and go to developer.okta.com to log in.
5. Now we finalize the account creation process with Okta by selecting our password, secret question and a security image:
6. Once the registration process is finished you will be redirected to a new page. The page you see may differ from ours, but the overall layout should remain the same. Here we need to click on the Admin button in the upper right corner.
7. This will take you to a new page where we need to select "Applications" and then select "Applications" under it, as shown in the screenshot:
8. Now we need to add a new application to our Okta account.
9. Confirm that you want to "Create New App" so that we can begin the integration.
10. In the pop-up that you receive, select SAML 2.0.
11. Decide on the name. We went with the best choice, which is Humanity. You can also upload a logo of your choosing; however, I skipped over that.
12. Now, before we can proceed with the configuration within Okta, we need to log in to your Humanity account.
Logging into Humanity
From this point you will have to make changes in your Humanity account, so the next steps address those changes.
13. Once logged in, go to Settings > Single Sign-on and enable both "SAML Enabled" and "Allow Password Login", as shown in the image below.
14. Copy "The Access Consumer Service (ACS) URL" for your account from Humanity and paste it into the Okta "Single Sign On URL" field. Then copy "The SAML Metadata URL" for your account from Humanity and paste it into the Okta "Audience URI (SP Entity ID)" field. Under "Name ID format" in Okta select "EmailAddress", and for "Application username" on the same page select "Email".
15. Next, select "I'm an Okta customer adding an internal app" and click on Finish.
After finishing the setup you will need to configure Humanity Single Sign On.
1. Click on "View Setup Instructions" in Okta to get the necessary data, which we will use in your Humanity account.
2. Copy the "Identity Provider Single Sign-On URL" from the Okta instruction page to the "Humanity SAML Issuer URL" field, and the "X.509 Certificate" from the Okta instruction page to the "Humanity X.509 Certificate" field. Then click on "Save Settings".
3. Next, go to Directory > People within Okta and add the people from your organization who are on your Humanity account.
4. Once you have added a user, simply click on their name, which will take you to their profile, then click on "Assign Application" and choose Humanity. That's it!
You can now test the connection yourself, or have the people you've added to Okta who have accounts in Humanity try to log in.
Copy the SAML Login URL from Humanity and paste it into a new browser window.
That link will redirect you to the link under SAML Issuer URL, which is the Okta login page in this case.
Log in to the app with your Okta credentials and select the Humanity app. If everything goes right, you will be signed in to the Humanity app.
Setting up SSO access for users on your child accounts
1. Go to Okta and sign in with your (admin) account. If you log in with an employee's account, you won't be able to add users, which is what we need to do.
2. Here we can see the Humanity application we previously set up. Click on Admin in order to proceed.
3. Now, if you have just a few users, you could go to Directory > People (marked in green), add them and individually assign the application to them. However, we will proceed with bulk assigning in Applications > Applications (marked in red), in case you have more users and do not wish to assign them individually.
4. This will take us to a new page where we need to click on "Assign Applications" so that our users can use the application properly.
5. If you click on the check box next to "Application & Label" as well as the one next to "Person & Username", that will select every application and every user respectively. As we only have Humanity as an app and want all our users to have access to it, that's just what we'll do.
6. Now we simply confirm that we wish for this action to occur. All users listed, regardless of the account they are on (the parent account or one of the child accounts), will only have access to their own account.
It's important to note that every user on your accounts should have a unique e-mail address, so a user on the parent account and a user on a child account should have different e-mails, and the same goes for users on different child accounts.
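Since the setup above uses the e-mail address as both the Name ID and the application username, it is worth checking the user lists for shared addresses before bulk assigning. The Python sketch below is an added example, not part of the original guide; the account names and rosters are constructed, and ignoring case and surrounding whitespace when comparing addresses is an assumption.

```python
from collections import defaultdict


def find_shared_emails(rosters):
    """Map each e-mail used on more than one account to those accounts.

    rosters: {account_name: [email, ...]}. Addresses are compared without
    regard to case or surrounding whitespace (an assumption).
    """
    seen = defaultdict(set)
    for account, emails in rosters.items():
        for email in emails:
            key = email.strip().casefold()
            if key:  # skip blank rows from an export
                seen[key].add(account)
    return {e: sorted(a) for e, a in sorted(seen.items()) if len(a) > 1}


# Constructed sample rosters for a parent account and two child accounts.
ROSTERS = {
    "parent": ["ana@example.com", "Bo@Example.com"],
    "child-east": ["bo@example.com ", "cy@example.com"],
    "child-west": ["dee@example.com", "ANA@example.com", ""],
}

if __name__ == "__main__":
    for email, accounts in find_shared_emails(ROSTERS).items():
        print(f"{email}: used on {', '.join(accounts)}")
```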