SAML SSO using Okta
atSpoke is excited to offer an integration with Okta. atSpoke's SAML integration relies on a user-level token. To ensure consistent delivery of SAML services, atSpoke best practices recommend using an admin service account such as IT@yourcompany.com to complete this integration.
Supported Features
The Okta/atSpoke (www.askspoke.com) SAML integration currently supports the following features:
- SP-initiated SSO
- IdP-initiated SSO
- JIT (Just In Time) Provisioning
For more information on the listed features, visit the Okta Glossary.
For atSpoke-specific SAML best practices, make sure you read the Before you begin section.

Before you begin
- Assign the app to yourself in Okta for testing first.
- Only atSpoke Admins have the superpowers to enable SAML for the organization.
- After SAML is enabled, all non-admin members in atSpoke must log in with SAML. Admins who have not set up a password will be prompted by a banner in the web app. Admins can still log in with a password as needed.
- Because the SSO setup will log out all users and admins, it’s best to set up SAML when there are few users logged in, whether that is before launch or outside of business hours.
- atSpoke offers just in time provisioning. This means that if a user logs into atSpoke for the first time using SSO, an account will automatically be created.

Configuration Steps
Log into atSpoke and navigate to the Integrations menu.

- Navigate to Settings
- Select the Integrations Menu
- Find the SAML tile and choose Connect
Copy the following fields from your Okta setup page into the atSpoke Settings/SAML Page.

- Sign on URL
- Issuer
- Public certificate
- Press Test SAML connection

Once the test is completed, you can push Enable SAML.

Notes
- Make sure that you entered the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to atSpoke.
- The following SAML attributes are supported:

| Name | Value |
| --- | --- |
| firstName | user.firstName |
| lastName | user.lastName |
| primaryEmail | user.userName |
| phoneNumber | user.primaryPhone |

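
One way to confirm the attribute mapping above before pressing Enable SAML is to inspect the base64 `SAMLResponse` form field captured from a test login. This is an added example, not atSpoke or Okta code; the function names and the sample response are constructed for illustration, and the check is inspection only (it does not verify the assertion's signature).

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Attribute names taken from the supported-attributes table on this page.
SUPPORTED = ("firstName", "lastName", "primaryEmail", "phoneNumber")

def extract_attributes(saml_response_b64):
    """Decode a base64 SAMLResponse (HTTP-POST binding) into {name: value}."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        text = value.text if value is not None and value.text else ""
        attrs[attr.get("Name")] = text.strip()
    return attrs

def check_attributes(attrs):
    """Return findings about the attribute statement; an empty list means clean."""
    findings = [f"not sent or empty: {n}" for n in SUPPORTED if not attrs.get(n)]
    # primaryEmail is mapped from user.userName, so an Okta username that is
    # not an email address would arrive here unchanged.
    email = attrs.get("primaryEmail", "")
    if email and "@" not in email:
        findings.append(f"primaryEmail is not an email address: {email}")
    extra = sorted(set(attrs) - set(SUPPORTED))
    findings += [f"not in the supported list: {n}" for n in extra]
    return findings

# Constructed, unsigned sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
 <saml:AttributeStatement>
  <saml:Attribute Name="firstName">
   <saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="lastName">
   <saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="primaryEmail">
   <saml:AttributeValue>alovelace</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    for finding in check_attributes(extract_attributes(SAMPLE_B64)):
        print(finding)
```
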
SP-initiated SSO
- Go to: https://[your-subdomain].askspoke.com/login.
- Enter your email, then click the arrow icon.
- Click Log in with SSO.