In this article, we go over how to set up a custom Okta application (SAML SSO with Okta as the IdP).
Pre-requisites
Before getting started, make sure that you have created your Okta account. Once created, add the PostBeyond application in Okta.
Step 1: Notify PostBeyond
When you are ready to start the process, let your CSM know so that they can enable the feature and help ensure that you are set up for success.
Step 2: Create a custom app in Okta
In Okta Applications, click Add Application:
Then click Create New Application
Create a new application for Web > SAML 2.0
Set-up 'General Settings' and click Next
App Name
Logo (right-click the PostBeyond image below and save it to upload as the logo)
Download the Okta certificate (this will be given to the PostBeyond team):
Configure SAML starting with 'A: SAML Settings'
Add the 'Single sign on URL' (e.g. https://your-subdomain-here.postbeyond.com/api/v1/auth/saml)
Add the 'Entity ID' (e.g. https://your-subdomain-here.postbeyond.com)
Scroll down and add 3 attributes:
First Name
Last Name
Email
The attribute names can be whatever your company wants them to be. Please note that these attribute variables will be sent to PostBeyond:
(You can skip) 'B' to preview the SAML assertion
'Feedback' and click Finish
Are you a customer or a partner? Select Customer.
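If you do use the 'B' preview, the previewed assertion can be checked against the values entered in 'A: SAML Settings' before anything is sent to PostBeyond. The script below is an added example, not part of PostBeyond's or Okta's documentation; the sample assertion is constructed, and the attribute names (firstName, lastName, email) and the function name check_assertion are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: a trimmed assertion of the kind the preview shows.
# The subdomain placeholder and attribute names are assumptions.
SAMPLE_ASSERTION = """<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Subject><saml2:SubjectConfirmation>
    <saml2:SubjectConfirmationData Recipient="https://your-subdomain-here.postbeyond.com/api/v1/auth/saml"/>
  </saml2:SubjectConfirmation></saml2:Subject>
  <saml2:Conditions><saml2:AudienceRestriction>
    <saml2:Audience>https://your-subdomain-here.postbeyond.com</saml2:Audience>
  </saml2:AudienceRestriction></saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="firstName"><saml2:AttributeValue>Ada</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="lastName"><saml2:AttributeValue>Lovelace</saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="email"><saml2:AttributeValue>ada@example.com</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def check_assertion(xml_text, subdomain, expected_attrs):
    """Return a list of mismatches between the assertion and the SAML settings."""
    entity_id = f"https://{subdomain}.postbeyond.com"
    sso_url = f"{entity_id}/api/v1/auth/saml"
    root = ET.fromstring(xml_text)  # input is your own IdP's preview, not untrusted XML
    problems = []

    # The Audience must be exactly the Entity ID entered in the SAML settings.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audiences != [entity_id]:
        problems.append(f"Audience {audiences} != Entity ID {entity_id}")

    # The Recipient must be exactly the Single sign on URL.
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if recipients != [sso_url]:
        problems.append(f"Recipient {recipients} != Single sign on URL {sso_url}")

    # Each agreed attribute must be present with a non-empty value.
    attrs = {}
    for a in root.iterfind(".//saml:Attribute", NS):
        v = a.find("saml:AttributeValue", NS)
        attrs[a.get("Name")] = (v.text or "").strip() if v is not None else ""
    for name in expected_attrs:
        if not attrs.get(name):
            problems.append(f"attribute '{name}' missing or empty")
    return problems
```

An empty list means the Audience, Recipient and attribute names in the preview match what will be given to PostBeyond.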
Step 3: Send Metadata, Certificate and Attributes to PostBeyond
Metadata file
In the custom SAML application you created, go to 'Sign on' and click Identity Provider metadata. Provide this URL to the CSM.
Attributes
PostBeyond needs the variable names of these 3 attributes:
First Name
Last Name
Email
These variables were set up during the custom application creation process, but can be found on the 'General' page of the app when you scroll down under 'Attribute Statements':
Certificate
Send the certificate downloaded during the set-up.
Step 4: PostBeyond to Complete the Process Internally
After you have sent PostBeyond the metadata file and three attribute variables, PostBeyond will finalize the process and provide you with an expected date of completion. This process can take up to 3 weeks to complete, as it will need to be funneled into the upcoming sprint.
Once the admin is notified that the set-up is complete, the login page will have the option for users to log in via SSO.
Step 5: Testing & Troubleshooting
Immediately after the process is completed, make sure to test logging in via SSO. Read this article should you experience any issues with this new login option.
Step 6: Set-up SSO Default Group
Once you've completed your set-up, we encourage you to create an SSO group for PostBeyond user accounts that are generated by logging in via SSO. To learn more, please see Default Group for SSO Generated PostBeyond Accounts.