In this article, we go over how to set-up OKTA PostBeyond application integration.
- Pre-requisites
- OKTA Integration Set-up
Pre-requisites
Before getting started, make sure that you have created your Okta account. Once created, add the PostBeyond application in Okta.
OKTA PostBeyond Application Integration Set-up
Supported Features
The Okta/PostBeyond SAML integration currently supports the following features:
- IdP-initiated SSO
Configuration Steps
1. Contact the PostBeyond Support team and request that they enable SAML 2.0 for your account.
2. Provide PostBeyond with Metadata file & 3 Attributes Variable Names
A. Metadata file.
Can be found in the Application > Sign On tab
B. The 3 attribute variables.
PostBeyond needs these 3 attributes:
- First Name
- Last Name
In Okta, go to Directory > Profile Editor > (and beside the OKTA application) Profile:
NOTE: We recommend not creating attributes in the PostBeyond application. if you have, please remove them as we will pull the attributes from your general OKTA set-up.
From there, please provide us with the variable names for:
- User first name
- User last name
3. Add your subdomain
In Okta, select the General tab for the PostBeyond app, then click Edit.
- Enter the subdomain into the Subdomain field. This is the subdomain you have arranged with PostBeyond (i.e. https://(your-subdomain).postbeyond.com)
- Click Save.
OPTIONAL: To send groups as a part of SAML assertion:
- In Okta, select the Sign On tab for the PostBeyond app, then click Edit.
- Select the appropriate filter from the groups dropdown menu and type the preferred value into the field.
- Click Save.
IMPORTANT: for the grouping to work your company's internal directory has to match the PostBeyond group set-up identically. If it does not, we recommend not performing this step as it can cause complications.
Step 4: PostBeyond to Complete the Process Internally
After you have sent PostBeyond with the Metadata file & three attribute variables, PostBeyond will finalize the process and provide you with an expected date of completion. This process can take up to 3 weeks to complete as it will need to be funneled into the upcoming sprint.
Once the admin is notified that the set-up is complete, the login page will have the option for users to login via SSO:
Step 5: Testing & Troubleshooting
Immediately after the process is completed, make sure to test logging in via SSO. Read this article should you experience any issues with this new login option.