SSO setup with Okta
Setting up Okta and SAML 2.0 with Kazoo!
Requirements
To use Okta to log in to Kazoo, you will need the following components:
- A Kazoo subdomain
- Okta Single Sign-On Service enabled
- Your Okta SSO subject matter expert
***Important Note:*** If users will be accessing the mobile app, please ensure that the configuration allows access to SSO connections from outside of the company’s network.
In order to properly set up Okta, you will need to know how to create your own app within your company’s application directory.
Setup Steps
How to create your own app within your company’s directory
1) Log in as an Okta admin and choose “Add Applications” at the top right of the dashboard.
Note: Clicking on the “Applications” header then “Add Applications” will also allow the user to add an application
2) Click on the “Create New App” button under the search bar to the left of the page and choose SAML 2.0 for the setup process.
3) Fill in the App name and add a logo (if available) and click Next
4) Now the SAML information will need to be added. The “General” section of this page is required for SAML applications.
Required:
- Single sign on URL:
  - Company Okta sign on url - normally formatted: https://<subdomain>.youearnedit.com/saml/acs
- Audience URI (SP Entity ID):
  - Kazoo subdomain formatted: <subdomain>.youearnedit.com
  - Note: Do not include https:// or http:// as login attempts will throw errors
- Default RelayState:
  - Leave blank unless your company has a specific application resource for IDP SSO login.
- Name ID format:
  - Leave Unspecified unless otherwise instructed.
- Application username:
  - Defaults to Okta username - Must be customized if using EmployeeId instead of username or Email.
Additionally, there are optional advanced settings; change them only if you are given explicit instructions to do so (defaults are pictured below).
5) Once all the information is entered, click the “Preview SAML Assertion” button under section B. If a new page loads with an XML file containing all the information filled out on the previous page, go back to that page and click Next at the bottom right. If you receive an error, correct it on the previous page and repeat this process until the XML page loads with the correct information.
6) Click Next and reply appropriately. This page is required so that the Okta team can properly add the app to the correct part of the directory (Okta created apps or user created apps).
7) Click Finish and the app is now set up.
8) An admin will need to navigate to the app from the directory and click the “Assign” button to allow users access. Users may be added by group or individually.
Important!
Now that the app is in your company directory, open the “Applications” page and click on the Kazoo app within the app list.
Once there, click “Sign On” and please provide the Identity Provider metadata to your Kazoo Customer Success launch representative.
As soon as the file is provided, we can update the platform to allow for Okta SSO.
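One way to check the XML from the “Preview SAML Assertion” page in step 5 against the values entered in step 4. This is an added example, not Kazoo or Okta code. The subdomain `acme`, the sample assertion, and the function name `check_assertion` are constructed for illustration, and the check assumes the Single sign on URL appears as the `Recipient` attribute of the assertion.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample of a previewed assertion; "acme" is a placeholder subdomain.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="id-constructed" Version="2.0">
  <saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jane.doe@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="https://acme.youearnedit.com/saml/acs"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction>
      <saml:Audience>acme.youearnedit.com</saml:Audience>
    </saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_assertion(xml_text, subdomain):
    """Return a list of problems; an empty list means the preview matches step 4."""
    host = f"{subdomain}.youearnedit.com"
    expected_acs = f"https://{host}/saml/acs"
    root = ET.fromstring(xml_text)
    problems = []

    # Audience URI (SP Entity ID): bare host name, no http:// or https:// prefix.
    audience = root.findtext(".//saml:Audience", default="", namespaces=NS).strip()
    if audience.lower().startswith(("http://", "https://")):
        problems.append(f"Audience URI must not include a scheme: {audience!r}")
    elif audience != host:
        problems.append(f"Audience URI is {audience!r}, expected {host!r}")

    # Single sign on URL: assumed to be carried in the Recipient attribute.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != expected_acs:
        problems.append(f"Recipient is {recipient!r}, expected {expected_acs!r}")

    # Name ID format: Unspecified unless you were instructed otherwise.
    name_id = root.find(".//saml:NameID", NS)
    fmt = name_id.get("Format", "") if name_id is not None else ""
    if not fmt.endswith(":unspecified"):
        problems.append(f"Name ID format is {fmt!r}, expected Unspecified")
    return problems

if __name__ == "__main__":
    for line in check_assertion(SAMPLE_ASSERTION, "acme") or ["preview matches step 4"]:
        print(line)
```

Replace `SAMPLE_ASSERTION` with the XML copied from your own preview page and pass your Kazoo subdomain.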