Introduction
In this article, we’ll run through how you can integrate your Okta Identity Management Solution to allow employees to sign in to their Reward Gateway platform through it.
How to enable the Okta integration?
To enable Okta, log into Reward Manager, click on the Integrations tab on the left, and under the ”Explore” tab you will see the “Okta” application.
If you don’t have access please speak with your Client Success Manager or a member of the Client Support team who will assign your permissions.
Setup
Watch the following video which demonstrates the setup process step-by-step:
Initial Setup
Upload Certificate
Please note this should be in a .PEM format if you are copy-pasting or in a .CRT/.CERT format if you are uploading it.
Identity Provider URL
This should be the URL to access the Okta application directly.
Example URL: https://subdomain.okta.com/app/application_name/exkd77cxBAvH2TEci355/sso/saml
The Identity Provider URL can be found in the ‘View SAML setup Instructions’ section on the Okta admin dashboard.
The certificate can be found in the same section or under Applications > Single Sign-On > SAML Signing Certificates.
Mapping
-
Select the Identifier - this will be the main detail passed over to us to authenticate the user. If it’s a self-registration scheme, the identifier will be Employee/Payroll Number by default.
-
Select the SAML Identity Location - this tells our system where to look for the identifier.
- Identity is in the Name Identifier - our system will look for the ID in the NameID
- Identity is in an Attribute Element - it will look for the ID but under a different name
Just-In-Time Provisioning
If enabled, employees will be automatically provisioned. It will still allow them to create an account, even if we don’t have their details (ID/Email Address).
Testing
To test the integration, please try to log in with the test user who was assigned the app on the Okta Dashboard. To learn how to assign a user in Okta, see the Build a Single Sign-On (SSO) integration guide.
If the test is passed successfully, you will receive a confirmation message that your integration is ready to be published.
In case the attempt is unsuccessful, you will be able to see the error details on the Integration Dashboard. You will then need to rectify and re-attempt a login.
Publishing
To publish your integration, you need to go back to the Integrations dashboard, find your integration (which should be at a Pending status), then click Options > Publish > click the ‘Publish’ button. Your Integration will then appear as Live.