This article will walk you through how to set up SSO for Intricately using the SAML 2.0 protocol and Okta.
Prerequisites
- You must be an Enterprise customer
- You must have access to SSO enabled for your plan. Contact us to get this set up!
- You must be a Team Admin.
Configuration Steps
Step 1 - Select Your SSO Protocol
- Log in to your Intricately account.
- Navigate to the user menu in the top right and select SSO Configuration.
- Select SAML 2.0 as your SSO Protocol.
Step 2 - Get Your Single Sign-On URL and Audience URI
First, copy and save the Intricately information you'll need to provide in the Okta configuration.
- In the SSO Configuration form, copy and save the Single Sign-On URL.
- Copy and save the Audience URI.
You'll need these in the next step.
Step 3 - Configure Settings in your Okta admin
- Log in to your Okta admin dashboard.
- In the sidebar menu, navigate to Applications → Applications and click the Create App Integration button.
- Choose the SAML 2.0 option and click Next.
- You'll be redirected to a form with 3 steps: General Settings, Configure SAML and Feedback. First, fill in the name you want to give to your App Integration and hit Next.
- Now add the Single Sign-On URL and Audience URI you copied from Intricately's page.
- On this same page, scroll down until you see the Attribute Statements section. Add the email attribute just like the image below, then hit Next.
- Finish creating the App Integration by filling in the Feedback information as you see fit.
Step 4 - Get Your IdP XML Metadata
- Still within your Okta dashboard, go to your App Integration page and find the Sign On tab.
- Click the View SAML setup instructions button on the right side of your screen.
- You will be redirected to a new page. Scroll down to the bottom and copy the generated XML. Make sure you've copied the whole content and not only the first line.
- The content should be similar to the image below.
- Now, log back in to Intricately and open the SSO Configuration page. Paste the Metadata XML text into the configuration form.
- Click SAVE CONFIGURATION. This will save the values you entered without activating SSO for the team yet.
Step 5 - Set User Permissions
When SSO is enabled, you'll control who can access Intricately from your Okta. It's important to provision access before you activate SSO, to ensure that your team will be able to log in once SSO is active and required.
- In your Okta dashboard, find the section Directory → Groups, where you can create a group or add an existing group to your integration.
- Click the group you want to give access to, open the Applications tab and click Assign applications, then assign the App Integration you have just created for Intricately.
- Make sure the users are assigned to the group to which you gave access to the application.
- Return to Intricately's page.
Step 6 - Activate SSO
- Ensure that you've completed all the setup steps above, including provisioning access to users.
- Confirm that you're ready to activate SSO. Once you activate:
  - All users on the team will automatically be logged out of Intricately
  - Authentication via social login (Google, Salesforce, or LinkedIn) will be disabled for your team
  - All users will be required to authenticate to Intricately via SSO
- Once you're sure you're ready to activate SSO, click the SSO Authentication toggle to turn it on.
Step 7 - Validate SSO
Test your configuration via the Intricately login process.
- Ensure you are logged out. Then return to the Intricately web application through this link: https://my.intricately.com/login?sso=true
- Enter your work email and hit Submit.
- If you don't have an active Okta session in your browser, the web page will redirect to your Okta Org login page. Enter your Okta credentials and you will be redirected and signed in to the Intricately application.
- If you have an active Okta session in your browser, you will be seamlessly logged in to the Intricately application.
You've now successfully set up SSO for Intricately!