This article will walk you through how to set up SSO for Intricately using the OpenID Connect (OIDC) protocol. This guide assumes you're using Okta as your Identity Provider (IdP).
Not using Okta? Contact us!
Prerequisites
- You must be an Enterprise customer
- You must have access to SSO enabled for your plan. Contact us to get this set up!
- You must be a Team Admin.
- You must have an existing Identity Provider (IdP)
Configuration Steps
Setup covers the following steps:
- Select Your SSO Protocol
- Get your Intricately Team SSO ID
- Configure Okta
- Set User Permissions
- Save IdP Credentials
- Enter IdP Credentials
- Activate SSO
- Validate SSO
Step 1 - Select Your SSO Protocol
- Log into your Intricately Account.
- Navigate to the user menu in the top right and select SSO Configuration.
- Select OIDC as your SSO Protocol.
- Once you've selected a protocol, the SSO Configuration form will update to walk you through the relevant steps.
Step 2 - Get your Intricately Team SSO ID
- Copy the Intricately Team SSO ID. This is the 8-digit alphanumeric ID shown under INFORMATION YOUR SSO WILL NEED. This ID is unique to each team in Intricately.
- Save this ID. It will be required in the next steps for configuration in Okta.
Step 3 - Configure Okta
- Log in to your Okta account as an administrator.
- Next, we'll find and add the Intricately Okta application. Head to Applications > Browse App Catalog and search for "Intricately".
- Select the Intricately OIDC application and click Add.
- Fill out the required settings, then click Done to finish adding the app.
- In the settings for the Intricately app you've just added, head to Sign On > Advanced Sign-On Settings and enter the Intricately Team SSO ID you saved in Step 1. Click Save to confirm the changes.
Step 4 - Set User Permissions
When SSO is enabled, you'll control who can access Intricately from your IdP. It's important to provision access before you activate SSO, to ensure that your team will be able to log in once SSO is active and required.
In Okta, use the Assignments tab to manage who can use Okta authentication to log in to Intricately. You have two options:
- Use the People option to assign individual users the ability to authenticate via Okta
- Use the Groups option to create a group of users that can be assigned the ability to authenticate via Okta
Step 5 - Save IdP Credentials
Now that you've configured Okta, you'll need to extract your IdP credentials! You'll enter these within Intricately to finalize the SSO setup.
Save the following credentials from Okta:
- Client ID and Client Secret (found in the Client Credentials section under the Sign On tab)
- Your Okta Org domain URL (for example, samplesubdomain.okta.com)
Step 6 - Enter IdP Credentials
Head back to Intricately, and navigate back to SSO Configuration. You'll enter the information you extracted from your IdP under INFORMATION FROM YOUR SSO.
Metadata Driven Configuration (Preferred configuration)
Enter the following info:
- Enter the Okta Org domain URL under Well Known Config URL
- Enter the Client ID under Client ID
- Enter the Client Secret under Client Secret
Manual Entry Configuration (if needed)
If your IdP does not have a well-known config, you will need to enter the metadata for the IdP manually. This is usually only the case when your company has created its own in-house IdP.
You can proceed with Manual Entry by clicking "Manual Entry" in the "Information from your IdP" section of the settings window and filling in the fields with the information from your IdP.
You will need:
- Authorization endpoint URL - sample format is “https://{Your Okta Domain URL}/oauth2/v1/authorize”
- Token endpoint URL - sample format is “https://{Your Okta Domain URL}/oauth2/v1/token”
- Userinfo endpoint URL - sample format is “https://{Your Okta Domain URL}/oauth2/v1/userinfo”
- Client ID - generated when you created the Intricately app in your IdP
- Client Secret - generated when you created the Intricately app in your IdP
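A pre-flight check for the values entered in Step 6, added here as an example and not taken from Intricately's or Okta's documentation: it validates an OIDC discovery document against your Okta Org domain and returns the three endpoint URLs that Manual Entry asks for, rejecting any that are not HTTPS or that point at a different host. It assumes the IdP publishes its metadata at the standard `/.well-known/openid-configuration` path; the function names and the sample document are constructed, and `samplesubdomain.okta.com` is the placeholder domain from Step 5.

```python
from urllib.parse import urlsplit

# Endpoint fields the Manual Entry form asks for (names as used in OIDC discovery).
REQUIRED = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")


def discovery_url(org_domain):
    """Standard OIDC discovery location for an issuer at https://<org_domain>."""
    return f"https://{org_domain}/.well-known/openid-configuration"


def check_endpoints(org_domain, fields):
    """Reject endpoint values that are not HTTPS URLs on the expected IdP host."""
    for name in REQUIRED:
        url = urlsplit(fields.get(name) or "")
        if url.scheme != "https":
            raise ValueError(f"{name}: must be an https URL")
        # Exact host match, so look-alike hosts with a trusted prefix are refused.
        if (url.hostname or "") != org_domain.lower():
            raise ValueError(f"{name}: host {url.hostname!r} is not {org_domain!r}")
    return {name: fields[name] for name in REQUIRED}


def from_discovery(org_domain, doc):
    """Validate a discovery document and return the Manual Entry endpoint values."""
    # OIDC Discovery requires the issuer to be identical to the URL prefix
    # the document was retrieved from.
    if doc.get("issuer") != f"https://{org_domain}":
        raise ValueError(f"issuer {doc.get('issuer')!r} does not match {org_domain!r}")
    return check_endpoints(org_domain, doc)


# Constructed sample, shaped like the sample formats listed on this page.
DOMAIN = "samplesubdomain.okta.com"
SAMPLE_DOC = {
    "issuer": f"https://{DOMAIN}",
    "authorization_endpoint": f"https://{DOMAIN}/oauth2/v1/authorize",
    "token_endpoint": f"https://{DOMAIN}/oauth2/v1/token",
    "userinfo_endpoint": f"https://{DOMAIN}/oauth2/v1/userinfo",
}

if __name__ == "__main__":
    print("discovery document:", discovery_url(DOMAIN))
    for name, value in from_discovery(DOMAIN, SAMPLE_DOC).items():
        print(f"{name}: {value}")
```

`check_endpoints` can also be called directly on hand-typed Manual Entry values when the IdP has no well-known config.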
Step 7 - Activate SSO
- Ensure that you've completed all the setup steps above, including provisioning access to users.
- Confirm that you're ready to activate SSO. Once you activate:
  - All users on the team will automatically be logged out of Intricately
  - Authentication via social login (Google, Salesforce, or LinkedIn) will be disabled for your team
  - All users will be required to authenticate to Intricately via SSO
- Once you're sure you're ready to activate SSO, click the SSO Authentication toggle to turn it on.
Step 8 - Validate SSO
Test your configuration via the Intricately login process.
- Ensure you are logged out. Then return to the Intricately web application.
- Select SSO from the login options.
- Enter your work email and hit Submit.
- If you don't have an active IdP session in your browser, the page will redirect to your IdP Org login page. Enter your IdP credentials and you will be redirected and signed in to the Intricately application.
- If you have an active IdP session in your browser, you will be seamlessly logged in to the Intricately application.
Test your configuration through your IdP console:
- Log in to your IdP and go to the list of available applications.
- Click the Intricately app to automatically log in to the Intricately application.
You've now successfully set up SSO for Intricately!