Custom OKTA Application (SAML SSO with OKTA IdP)
Lauren avatar
Written by Lauren
Updated over a week ago


In this article, we go over how to set-up Custom OKTA Application (SAML SSO with OKTA IdP).

Pre-requisites

Before getting started, make sure that you have created your Okta account. Once created, add the PostBeyond application in Okta.

Step 1: Notify PostBeyond

When you are ready to start the process, let your CSM know that that they can enable on the feature and help ensure that you are set-up for success.

Step 2: Create a custom app in OKTA

In OKTA Applications, click Add Application:

Then click Create New Application

Create New application for Web > SAML 2.0

Set-up 'General Settings' and click Next

  • App Name

  • Logo ( right-click the PostBeyond image below and save to upload as logo)

Download the OKTA Certificate (This will be given to the PostBeyond team):

Configure SAML starting with 'A: SAML Settings'

Scroll down and add 3 attributes:

  • First Name

  • Last Name

  • Email

They can be whatever your company wants them to be. Please note that these attribute variables will be sent to PostBeyond:

(You can skip) 'B' to preview to SAML assertion

'Feedback' and click Finish

  • Are you a customer a partner? Select Customer.

Step 3: Send Metadata, Certificate and Attributes to PostBeyond

Metadata file

In the Custom SAML Application created, go to 'Sign on' and click Identity Provider metadata. Provide this URL to the CSM.

Attributes

PostBeyond needs these 3 attributes variable names:

  • First Name

  • Last Name

  • Email

These variables were set-up in the Custom Application creation process, but can be found on the 'General' page of the app....

...when you scroll down unders 'Attribute Statements':

Certificate

Send the certificate downloaded during the set-up

Step 4: PostBeyond to Complete the Process Internally

After you have sent PostBeyond with the Metadata file & three attribute variables, PostBeyond will finalize the process and provide you with an expected date of completion. This process can take up to 3 weeks to complete as it will need to be funneled into the upcoming sprint.

Once the admin is notified that the set-up is complete, the login page will have the option for users to login via SSO.

Step 5: Testing & Troubleshooting

Immediately after the process is completed, make sure to test logging in via SSO. Read this article should you experience any issues with this new login option.

Step 6: Set-up SSO Default Group

Once you've completed your set-up, we encourage that you create an SSO group for PostBeyond user accounts that are generated from logging into via SSO. To learn more, please see Default Group for SSO Generated PostBeyond Accounts.

Did this answer your question?