Enable SSO With Okta as the Identity Provider

Single sign-on can be purchased with an Enterprise license.

Enabling single sign-on (SSO) for your domain within FeedOtter allows your Users to easily and securely log in to their accounts. This article will help you get set up if your IdP is Okta. For more general information on adding and using SSO with FeedOtter, check out Enable SSO in Your Account.

Overview

Here are the steps that need to be completed to setup SAML login with Okta and FeedOtter.

Create Okta FeedOtter App
Assign Okta users to FeedOtter Okta app
Enter Okta settings into your FeedOtter admin
Test SSO login

FeedOtter user accounts will automatically be created upon first login by a verified Okta FeedOtter user.

Create An Okta FeedOtter Application

Log in to your FeedOtter account using the OWNER user. You must be the FeedOtter Account Owner to setup single sign-on.
Once you've logged in to FeedOtter, head to Settings > Company Settings > Security > Single Sign-On.
Do not toggle Enable SAML just yet!
Take note of the Post-back URL and the Audience URI at the bottom of the page in your FeedOtter account. You will need to copy and paste this information into Okta. You will return to this page later to enable SAML and enter in your Okta certificate.

We try to keep our Okta screenshots up-to-date but due to UI changes on Okta's part things may not look 100% exact.

In Okta:

Navigate to Applications
Click Add Application
The type should be Web and the Sign on method should be SAML 2.0

Name your Okta app FeedOtter
Copy the logo URL from the FeedOtter App SAML setup screen to make things pretty.

Copy and paste the Post-back URL and Audience URI from FeedOtter to Audience URI (SP Entity ID) respectively.

Scroll down to the ATTRIBUTE STATEMENTS (OPTIONAL) section on this same page. Add 2 attributes here as shown below, then click Next.

Name

Name Format

Value

firstName

Unspecified

user.firstName

lastName

Unspecified

user.lastName

Select I'm an Okta customer adding an internal app.
Scroll to the bottom (skipping the other optional questions) and click Finish.
Choose the Sign On tab if not already on it.
Click on the button indicated below to display your certificate.

Enter Okta settings into your FeedOtter admin

It is very important that the certificate is copied exactly as provided by Okta. The certificate text should include the ----- BEGIN CERTIFICATE text as well as the closing text.

Return to FeedOtter and click the Enable SAML switch so it turns green.
A new area will open up for you to paste in details from your Okta app and certificate.

Please take care to match the input to the Okta descriptions. These change from time to time and are not in 1,2,3 order.

If desired enable the "Force SAML Sign-in" if you want users to only log in to FeedOtter via SSO with Okta. An Account Owner will always be able to log in to FeedOtter with their account password. Click the Save button.

Single-sign on with Okta is now configured!

A typical next step would be to assign the appropriate users access to the FeedOtter Okta application in Okta. There is no need to create a user in FeedOtter as a new sub-user will be created the first time an Okta user accesses FeedOtter via SSO.

Last updated 2 months ago