Configure SSO for Okta

Configuring Okta for Tiled is split into two parts. The first part details how to configure the settings in Tiled and the second part covers how to configure the settings in your Okta Account.

This setup might fail without parameter values that are customized for your organization. Use the Okta Administrator Dashboard to add an application and view the values that are specific to your organization.

Part 1: Tiled Settings

Identity Provider Metadata XML: required to enable SSO for Okta

Before enabling SSO for Okta, make sure you have access to the Identity Provider Metadata XML provided within your Okta account. For more information, please follow these instructions.

  1. Navigate to Account Settings.
  2. Under General Settings, scroll down to Configure single-sign on (SSO).
  3. Select Enable SSO or Force SSO.
  4. Select Okta.
  5. Add the Org Domain or Entity ID.
  6. Add the Identity Provider Metadata XML. Copy and paste the code generated from your account into this field. 
  7. Download the safety certification.
  8. Click Update Okta SSO Settings.
  9. Next, find the Auto Provisioning section, just below the SSO settings.
  10. Check the Enable Auto Provisioning box. Select a required Default Role, Default Library and Default Group for new users. Your selections will be auto-saved as you update the options. (If you have not configured any groups, this option will not be selectable.)

Part 2: Okta Settings

  1. In Okta, select the Sign On tab for the Tiled app, then click Edit.
  2. Encryption Certificate: Upload the certificate you downloaded in step 7 of Part 1.
  3. Scroll down to the ADVANCED SIGN-ON SETTINGS section.

  4. Enter the Org Domain value you made a note of in step 5 of Part 1 into the corresponding field.

  5. Click Save.

  6. Still in Okta, navigate to Security > API > Trusted Origins.

  7. Click Add Origin.

  8. Fill out the Origin information with the following:
    Name: Tiled
    Origin URL: https://app.tiled.co
    Type: Select CORS.
  9. Click Save. Done!

Additional Info

The following SAML attributes are supported:

  • user.firstName
  • user.lastName
  • user.userName

The Okta/Tiled SAML integration currently supports the following features:

  • SP-initiated SSO
  • IdP-initiated SSO
  • JIT (Just In Time) Provisioning.

For more information on the listed features, visit the Okta Glossary.
