Okta provides secure identity management and single sign-on for web and mobile applications. With the Oktopost Okta app, you can easily set up single sign-on with Okta serving as your Identity Provider.
Prerequisites
To set up the integration you need to have admin access to both Oktopost and Okta.
Supported Features
The Oktopost Okta app currently supports the following features:
- Service Provider (SP) initiated SSO
- Identity Provider (IdP) initiated SSO
For more information on the listed features, visit the Okta Glossary.
Configuration steps
- Log in to your Oktopost account as an administrator.
- Go to Settings > Security > Single Sign-on.
- Select Yes from the Enable Single Sign-on drop-down menu.
- Enter the following information from the Sign On application tab of the Okta Admin Dashboard:
  - SAML endpoint
  - Issuer URL
  - X.509 Certificate, saved as okta.cert
- Do not check Require SSO until you have tested SAML successfully.
- Make sure to save your changes.
European Customers
If you log in to Oktopost through eu-app.oktopost.com or eu-board.oktopost.com, you will need to create a custom Okta app in order to log in via SSO.
Creating a custom Okta app
- Create a new app integration with the sign-in method SAML 2.0 and a custom name (for example, Oktopost SSO).
- In the Configure SAML section, use the following details:
  - Single sign-on URL: https://eu-app.oktopost.com/auth/acs
  - Audience URI (SP Entity ID): urn:oktopost:sp
  - Default Relay State: 1 (or 2 if setting up SSO for the board)
Notes
SP-initiated SSO
To log in to Oktopost via SSO, navigate to https://app.oktopost.com/auth/login-sso and enter your SSO email before clicking Sign in.
Advocacy Board
If you want to set the Okta app to log in to https://board.oktopost.com, in Okta, set the Default Relay State to 2. Without this field set, it will log in to https://app.oktopost.com by default.