Configuring Okta as an Identity Provider for AchieveIt
Log in to your Okta account. If you don't already have one, you will need to create one.
On the general Okta dashboard, click Admin. This takes you to the Okta Admin Dashboard.
Using the list of shortcuts at the right-hand side of the screen, click Add Applications.
On the Add Application page, select Create New App.
On the Create a New Application Integration pop-up window, select the Platform for your application, and choose SAML 2.0 as the Sign on method. Click Create to proceed.
You will now create your SAML integration. On the General Settings page, provide the following:
- App name: AchieveIt
- App logo (optional)
- App visibility: select whether you want your users to see your application icon and in what settings.
Click Next to proceed.
Next, you will see the SAML Settings page. Enter the following values into the appropriate fields:
- Single sign on URL: https://achieve-it.auth0.com/login/callback?connection=CONNECTION_NAME
- Audience URI (SP Entity ID): urn:auth0:achieve-it:YOUR_CONNECTION_NAME (The connection name will be provided by AchieveIt; use the same connection name in both values.)
- Name ID format: EmailAddress
- Application username: Email
You will also need to add the following Attribute Statement:
- Name: email
- Name format (optional): Unspecified
- Value: ${user.email}
At this point, you can click Preview the SAML Assertion to generate XML you can use to verify that your provided settings are correct.
Click Next to proceed.
Lastly, answer Are you a customer or partner? by selecting I'm an Okta customer adding an internal app. Click Finish.
You'll be directed to the Sign On page for your newly-created app. Click on View Setup Instructions to complete the process.
Take note of the Identity Provider Single Sign-On URL, and download a copy of the X.509 certificate, then send this certificate to AchieveIt.
Make sure to assign the users who should be able to access AchieveIt to the application you created. To do this, click the ‘Assignments’ tab under the application.
You also have the option of changing the sign-on rule to allow all users to access the app.
The last step is to test the connection by signing into AchieveIt.
A user must have an AchieveIt user license associated with their email address in AchieveIt before they can log in.
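To act on the Preview the SAML Assertion step, the sketch below checks the previewed XML against the Audience URI, Single sign on URL, Name ID format and email attribute given above. It is an added example, not code from Okta or AchieveIt; the function name `check_assertion`, the connection name `example-conn` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, connection):
    """Compare a previewed assertion with the SAML settings from this guide."""
    root = ET.fromstring(xml_text)
    # Accept a bare Assertion or one wrapped in a Response.
    node = root if root.tag == "{%s}Assertion" % NS["a"] else root.find(".//a:Assertion", NS)
    if node is None:
        return ["no SAML 2.0 Assertion element found"]
    problems = []
    want_aud = "urn:auth0:achieve-it:" + connection
    want_acs = "https://achieve-it.auth0.com/login/callback?connection=" + connection
    audiences = [(e.text or "").strip() for e in node.findall(".//a:Audience", NS)]
    if audiences != [want_aud]:
        problems.append(f"Audience is {audiences}, expected {want_aud}")
    recipients = [e.get("Recipient") for e in node.findall(".//a:SubjectConfirmationData", NS)]
    if recipients != [want_acs]:
        problems.append(f"Recipient is {recipients}, expected {want_acs}")
    name_id = node.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not EmailAddress")
    emails = [(v.text or "").strip()
              for v in node.findall(".//a:Attribute[@Name='email']/a:AttributeValue", NS)]
    if not any(emails):
        problems.append("attribute statement 'email' is missing or empty")
    return problems

# Constructed sample; "example-conn" and the user address are placeholders.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData Recipient="https://achieve-it.auth0.com/login/callback?connection=example-conn"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions><saml2:AudienceRestriction>
    <saml2:Audience>urn:auth0:achieve-it:example-conn</saml2:Audience>
  </saml2:AudienceRestriction></saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified">
      <saml2:AttributeValue>user@example.com</saml2:AttributeValue>
    </saml2:Attribute></saml2:AttributeStatement>
</saml2:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "example-conn") or "settings match")
```

An empty result means the preview matches the settings; a mismatched Audience or Recipient is the usual reason the service provider rejects the login during the final test.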