In this article, we'll run through how our clients can seamlessly integrate their Okta Identity Management Solution to allow employees to sign in to their Reward Gateway platform through it.
Before continuing, we recommend reading: Guide to SAML Integration Settings
How do clients enable the Okta integration?
To enable the Okta integration, clients need to log into Reward Manager, go to the Integration Dashboard and search for “Okta” under the “Explore Integrations” tab.
Select the integration and turn it “On” using the toggle button at the top right-hand side.
Set up Okta for Reward Gateway
To enable a SAML application on Okta, please follow the support documentation on Okta: https://developer.okta.com/standards/SAML/setting_up_a_saml_application_in_okta
Step 1: General SAML Settings
Clients should then go back to the integration page on Reward Manager, where they will see the information required to fill in these settings:
Single Sign-On URL: This should be the SAML Assertion Consumer URL (ACS) displayed on the screen.
Audience URI: This should be the Entity ID displayed on the screen.
Step 2: Outgoing Attributes
Keep a record of the attributes that are mapped here as these will be needed to complete the setup on Reward Manager later.
Step 3: Download Identity Provider Metadata (Or view setup instructions)
Clients can download the Identity Provider metadata or view setup instructions to get a copy of the Signing certificate used by Okta. This will again be required to complete the setup on Reward Manager.
Step 4: Assign an application to a test employee
Assign the application to a test employee so that the testing can be completed on Reward Manager.
Set up Reward Gateway for Okta
For additional help understanding the settings on the setup, please refer to this article.
Now that the Okta setup is complete, we can go ahead and complete the setup of the integration on Reward Manager. Go back to the integration page for Okta, and start with the initial step.
Step 1: Upload Certificate
Upload the certificate obtained in Step 3 above. Please note this should be in .PEM format if you are copying and pasting it, or in .CRT format if you are uploading it.
Step 2: Identity Provider URL
This should be the URL that our clients' employees use to access the Okta application directly. Clients should go to the Application Page on Okta and select the Sign On tab, where they should see a View Setup Instructions button.
Select this option and find where it displays “Copy the following link in the same email as IdP URL” under the Configure Steps section.
This URL should be used as the identity provider URL on Reward Gateway.
For example: https://subdomain.okta.com/app/application_name/exkd77cxBAvH2TEci355/sso/saml
Step 3: Mapping
We now need to map the attributes configured in Step 2 on Okta to Reward Gateway. Clients should ensure that all the required fields on Reward Gateway are mapped.
Step 4: Testing
To test the integration, clients should log in as the test employee who was assigned the app, access the newly created SAML application, and then check for a corresponding log on Reward Manager.
If any errors were made in the setup, they will be displayed here. Clients need to fix them and attempt to sign in again. Once the testing has passed, clients will be allowed to review and publish their integration.
Step 5: Launch
After the connection has been tested and published by the client, their Client Success Manager and the Implementation Specialist for their program will both receive an email asking them to approve it.
Once approved, it will be launched automatically and our clients' employees can start using their AD account to log in to their Reward Gateway program.