Enable SSO with Okta
Set up SSO integration with Okta and configure settings to allow users to access EveryoneSocial by authenticating with Okta.
🔸 Okta requires a user have an administrator role to integrate SSO.
🔹 This is available on the Enterprise and Unlimited User plans.
Create a new app integration
We support SAML 2.0 and OIDC for sign-on methods.
Integrate with SAML
Here is the information to integrate Okta’s SAML 2.0. Please enter the following information in the respective fields in Okta.
Single Sign on URL: https://YOUR_SUBDOMAIN.everyonesocial.app/sso
🔸 Update YOUR_SUBDOMAIN to the custom subdomain applied to your company’s Workspace.
🔹 “Use this for Recipient URL and Destination URL” should not be selected.
- Recipient URL: https://auth.everyonesocial-prod.com/saml2/idpresponse
- Destination URL: https://auth.everyonesocial-prod.com/saml2/idpresponse
- Audience URI (SP Entity ID): urn:amazon:cognito:sp:us-east-1_Njik3uRLR
- Name ID format: Select “EmailAddress.”
- Application username: Select “Email.”
- Update application username on: Select “Create and update.”
Here is an example of how to configure SAML 2.0.
Enter the following Attribute Statements.
- Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
- Value: user.email
Click Next, then click Finish when all is entered.
Additional SAML attribute mappings
EveryoneSocial can map additional attributes to populate during the onboarding process, including users' full name, department, and location.
Please tell us which attributes need to be mapped so that we can ensure they exist in EveryoneSocial and match the ones in your system.
Below is an example of what this may look like in Okta.
Test the SAML integration
Once the steps above are complete, we will need to add the “Identity Provider metadata” to complete the integration.
Locate and download the Identity Provider metadata.
Send this to EveryoneSocial Support. Once received, we will integrate the metadata and arrange a call to test the SSO integration before going live.
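Before the test call, the values entered above can be checked against a SAML response captured from a test sign-in (for example with a browser SAML tracer). The script below is an added example, not EveryoneSocial or Okta code; the function names and the sample XML are constructed, and it only compares configuration fields without verifying the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Expected values, copied from the settings listed on this page.
ACS = "https://auth.everyonesocial-prod.com/saml2/idpresponse"
AUDIENCE = "urn:amazon:cognito:sp:us-east-1_Njik3uRLR"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_response(xml_text):
    """Return the names of fields that differ from the settings on this page.
    Configuration check only: the XML signature is not verified here."""
    root = ET.fromstring(xml_text)  # parse only responses you captured yourself
    problems = []
    if root.get("Destination") != ACS:
        problems.append("Destination")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS:
        problems.append("Recipient")
    aud = root.find(".//saml:AudienceRestriction/saml:Audience", NS)
    if aud is None or (aud.text or "").strip() != AUDIENCE:
        problems.append("Audience")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format")
    claim = root.find(
        f".//saml:Attribute[@Name='{EMAIL_CLAIM}']/saml:AttributeValue", NS)
    if claim is None or "@" not in (claim.text or ""):
        problems.append("emailaddress attribute")
    return problems

def sample(acs=ACS, audience=AUDIENCE):
    """Constructed, unsigned response for illustration (not real Okta output)."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{acs}">
<saml:Assertion><saml:Subject>
<saml:NameID Format="{EMAIL_FORMAT}">alice@example.com</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
<saml:AttributeStatement><saml:Attribute Name="{EMAIL_CLAIM}"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
</saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print("as configured:", check_response(sample()))
    # What results if "Use this for Recipient URL and Destination URL" is left selected.
    print("box selected:", check_response(sample(acs="https://YOUR_SUBDOMAIN.everyonesocial.app/sso")))
```

The second case shows the mismatch that results when the Single Sign on URL is reused for the Recipient and Destination URLs.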
Assign access with user provisioning
At this point, you can set up Just-In-Time provisioning within Okta to determine which users have access to EveryoneSocial. (This can also be filtered on our end if JIT Provisioning is disabled.)
You can also set up SCIM provisioning within Okta. You'll need EveryoneSocial's details on SCIM provisioning.
Integrate with OIDC
Here is the information to integrate with Okta’s OpenID Connect (OIDC). Select OIDC and Web Application to get started.
Enter the following information in the respective fields in Okta. Default values are acceptable if nothing has been specified.
- Sign-in redirect URLs: https://auth.everyonesocial-prod.com/oauth2/idpresponse
- Base URLs: https://auth.everyonesocial-prod.com
Click Next then click Finish when all is entered.
Test the OIDC integration
Once these steps are complete, we will need the following information to complete the integration.
- Client ID
- Client Secret
- Okta ID
Send this to EveryoneSocial Support. Once received, we will integrate the metadata and arrange a call to test the SSO integration before going live.
Resources
Here is a downloadable file of the EveryoneSocial icon if you want to use it to represent the integration.