Enable SSO With Okta as the Identity Provider
Single sign-on can be purchased with an Enterprise license.
Enabling single sign-on (SSO) for your domain within FeedOtter allows your Users to easily and securely log in to their accounts. This article will help you get set up if your IdP is Okta. For more general information on adding and using SSO with FeedOtter, check out Enable SSO in Your Account.
Here are the steps needed to set up SAML login with Okta and FeedOtter.
Create Okta FeedOtter App
Enter Okta settings into your FeedOtter admin
Assign Okta users to FeedOtter Okta app
FeedOtter user accounts will automatically be created upon first login by a verified Okta FeedOtter user.
You'll need to be the FeedOtter Account Owner or Administrator to set up single sign-on.
Once you've logged in to FeedOtter, head to Settings > Company Settings > Security > Single Sign-On.
Do not toggle Enable SAML just yet!
Take note of the Post-back URL and the Audience URI at the bottom of the page in your FeedOtter account. You will need to copy and paste this information into Okta. You will return to this page later to enable SAML and enter in your Okta certificate.
In Okta:
Navigate to Applications
Click Add Application
The type should be Web and the Sign on method should be SAML 2.0
Name your Okta app FeedOtter
Copy the logo URL from the FeedOtter setup screen to make things pretty.
Copy and paste the Post-back URL and Audience URI from FeedOtter into Okta's Single sign on URL and Audience URI (SP Entity ID) fields, respectively.
Scroll down to the ATTRIBUTE STATEMENTS (OPTIONAL) section on this same page. Add 2 attributes here as shown below, then click Next.
Name | Name format | Value
firstName | Unspecified | user.firstName
lastName | Unspecified | user.lastName
Select I'm an Okta customer adding an internal app.
Scroll to the bottom (skipping the other optional questions) and click Finish.
Choose the Sign On tab if not already on it.
Click on the button indicated below to display your certificate.
At this point return to FeedOtter and click the Enable SAML switch so it turns green.
Copy and paste the certificate and URLs into the related inputs.
Please take care to match the input to the Okta descriptions. These change from time to time and are not in 1,2,3 order.
If you want users to log in to FeedOtter only via SSO with Okta, enable "Force SAML Sign-in". An Account Owner will always be able to log in to FeedOtter with their account password. Click the Save button.
Single sign-on with Okta is now configured!
A typical next step would be to assign the appropriate users access to the FeedOtter Okta application in Okta. There is no need to create a user in FeedOtter as a new sub-user will be created the first time an Okta user accesses FeedOtter via SSO.
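To confirm the values landed in the right fields, the check below (an added example, not FeedOtter or Okta code) reads a decoded SAML assertion, such as one captured from a test login, and compares its Recipient, Audience and attribute statements with the settings from the steps above. The URLs and the sample assertion are constructed placeholders, and the script checks configuration only; it does not verify the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"

# Constructed placeholders: use the Post-back URL and Audience URI shown in FeedOtter.
POST_BACK_URL = "https://sp.example.test/saml/acs"
AUDIENCE_URI = "https://sp.example.test/saml/metadata"

# Constructed sample assertion, trimmed to the elements this check reads.
SAMPLE_ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{POST_BACK_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{AUDIENCE_URI}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>
    <saml:Attribute Name="firstName" NameFormat="{UNSPECIFIED}">
      <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName" NameFormat="{UNSPECIFIED}">
      <saml:AttributeValue>Lin</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_assertion(xml_text, post_back_url, audience_uri):
    """Return a list of configuration problems; an empty list means the fields line up."""
    root = ET.fromstring(xml_text)  # input is your own captured assertion, not untrusted XML
    problems = []
    # Okta's "Single sign on URL" becomes the Recipient; it must be the Post-back URL.
    recipients = {e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {post_back_url}:
        problems.append(f"Recipient {sorted(map(str, recipients))} is not the Post-back URL")
    # Okta's "Audience URI (SP Entity ID)" becomes the Audience element.
    audiences = {(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)}
    if audience_uri not in audiences:
        problems.append(f"Audience {sorted(audiences)} does not include the Audience URI")
    # The two attribute statements, with the Unspecified name format.
    attrs = {e.get("Name"): e.get("NameFormat") for e in root.iterfind(".//saml:Attribute", NS)}
    for name in ("firstName", "lastName"):
        if name not in attrs:
            problems.append(f"missing attribute {name}")
        elif attrs[name] != UNSPECIFIED:
            problems.append(f"attribute {name} has NameFormat {attrs[name]}")
    return problems
```

An empty list means the fields match; two problems naming Recipient and Audience usually mean the two URLs were pasted into each other's fields in Okta.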