Configuring AchieveIt SSO with Okta using SAML

Configuring Okta as an Identity Provider for AchieveIt

Log in to your Okta account. If you don't already have one, you will need to create one.

On the general Okta dashboard, click Admin. This takes you to the Okta Admin Dashboard.

Okta Dashboard

Using the list of shortcuts on the right-hand side of the screen, click Add Applications.

Okta Admin Dashboard

On the Add Application page, select Create New App.

Create New Okta App

On the Create a New Application Integration pop-up window, select the Platform for your application, and choose SAML 2.0 as the Sign on method. Click Create to proceed.

Create New app Integration

You will now create your SAML integration. On the General Settings page, provide the following:

  • App name: AchieveIt
  • App logo (optional)
  • App visibility: select whether you want your users to see your application icon and in what settings.

SAML Integration General Settings

Click Next to proceed.

Next, you will see the SAML Settings page. Enter the following values into the appropriate fields:

  • Single sign on URL: https://achieve-it.auth0.com/login/callback?connection=CONNECTION_NAME
  • Audience URI (SP Entity ID): urn:auth0:achieve-it:YOUR_CONNECTION_NAME (The connection name will be provided by AchieveIt)

  • Name ID format: EmailAddress
  • Application username: Email

You will also need to add the following Attribute Statement:

  • Name: email
  • Name format (optional): Unspecified
  • Value: ${user.email}

SAML Integration Configure SAML

At this point, you can click Preview the SAML Assertion to generate XML you can use to verify that your provided settings are correct.
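As an added example (not part of the original guide or of AchieveIt's or Okta's tooling), the script below checks a previewed assertion against the values entered above: Name ID format, Single sign on URL, Audience URI and the email attribute. The sample XML is constructed, `example-connection` is a placeholder connection name, and the element layout assumed is the standard SAML 2.0 assertion schema.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample in the shape of a previewed assertion; "example-connection" is a placeholder.
SAMPLE = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData Recipient="https://achieve-it.auth0.com/login/callback?connection=example-connection"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions>
    <saml2:AudienceRestriction>
      <saml2:Audience>urn:auth0:achieve-it:example-connection</saml2:Audience>
    </saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email"><saml2:AttributeValue>jane@example.com</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""

def check_assertion(xml_text, connection_name):
    """List mismatches between a previewed assertion and the settings in this guide.
    Settings check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    a = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if a is None:
        return ["no Assertion element found"]
    problems = []
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("Name ID format is not EmailAddress")
    conf = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    acs = "https://achieve-it.auth0.com/login/callback?connection=" + connection_name
    if conf is None or conf.get("Recipient") != acs:
        problems.append("Recipient differs from the Single sign on URL")
    audiences = [e.text for e in a.findall("saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if "urn:auth0:achieve-it:" + connection_name not in audiences:
        problems.append("Audience differs from the Audience URI")
    emails = a.findall("saml:AttributeStatement/saml:Attribute[@Name='email']/saml:AttributeValue", NS)
    if not emails or any("@" not in (e.text or "") for e in emails):
        problems.append("email attribute statement is missing or not an address")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "example-connection") or "settings match")
```

An empty list means the previewed values line up with the settings; a mismatch on Recipient or Audience usually points to a mistyped connection name.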

Click Next to proceed.

Lastly, answer Are you a customer or partner? by selecting I'm an Okta customer adding an internal app. Click Finish.

SAML Integration Feedback

You'll be directed to the Sign On page for your newly-created app. Click on View Setup Instructions to complete the process.

Okta App Sign On

Take note of the Identity Provider Single Sign-On URL, and download a copy of the X.509 certificate, then send this certificate to AchieveIt.

Configuration Information

Make sure to assign the users who should be able to access AchieveIt to the application you created. To do this, click the ‘Assignments’ tab under the application.

You also have the option of changing the sign-on rule to allow all users to access the app.

The last step is to test the connection by signing into AchieveIt. 

A user will need to have an AchieveIt user license associated with their email address in AchieveIt before they will be able to log in.