Setting Up Okta SSO

  • Updated

To set up Sendoso with Okta, you'll need to add the Sendoso application in Okta by following the steps below. Once you have these completed, connect with our team to finish the setup!

Supported Features:

Configuring Okta

*Note - in a few steps, you'll need to define a unique connection name. We'll use your company name (ex. sendoso, okta, auth0), however, since these are unique it can't be the same as another connection. If you're concerned about potential overlap or you've migrated to a new Okta instance please connect with our support team first.*

From the Okta Admin Dashboard, click Applications, then Browse App Catalog.

Screenshot_2023-05-03_at_8.22.13_AM.png

 

Next, search for Sendoso and click on the Sendoso SAML option.

Screenshot_2023-05-03_at_8.22.38_AM.png

Then hit, + Add Integration.

Screenshot_2023-05-03_at_8.26.23_AM.png

 

Review the application label field, by default it will be Sendoso (this is what Okta users will see). Then hit Done.

Screenshot_2023-05-03_at_8.30.29_AM.png

After clicking done, navigate to the 'Sign On' tab, and click 'Edit' under Settings.

Screenshot_2023-05-03_at_8.40.36_AM.png

Scroll down to the 'Advanced Sign-on Settings' section, and in the Connection field input your company's name in all lowercase letters (ex. auth0, okta, sendoso) then hit save.

Screenshot_2023-05-03_at_8.49.43_AM.png

After hitting save, scroll back up, and under the SAML 2.0 section, click "More Details."

Screenshot_2023-05-03_at_9.50.56_AM.png

Copy the Sign On URL & Download the Signing Certificate.

Screenshot_2023-05-03_at_9.52.31_AM.png

 

Finally, please contact our support team to complete the setup by choosing SSO and Complete Set Up on your support request.

Be sure to include the following:

  • Connection Name (the one you put in the 'connection' field):
  • Sign-in URL (Copied from the step above):
  • Signing Cert that was downloaded (you can attach this file when submitting the support request)

That's it! The Sendoso team will assist in completing the setup from this point.

Provisioning

If you wish to provision users, please read below. Once you have determined which method is right for you, please include that in your support request!

Here are the details for each method:

Just-in-Time Provisioning -

Sendoso will create the user from Okta when they click on the assigned application for the first time. No updates or deletions will be handled via this method.

SCIM Provisioning -

Sendoso will create the user immediately once the tile is assigned. After that, any updates to the user's profile in Okta will push to Sendoso (ie. a change to their division attribute). This method will also de-provision a user if they are removed from the application in Okta.

To get set up with SCIM, navigate to the 'Provisioning' tab and click 'Configure API Integration.'

Screenshot 2024-02-13 at 11.28.33 AM.png

Next, click the checkbox to Enable API Integration and then the 'Authenticate with Sendoso' button.

Screenshot 2024-02-13 at 11.28.46 AM.png

A pop-up will appear asking you to log in (if not already). Once you do that, hit the green button to allow Okta x Sendoso.

Once authenticated, press save.

Screenshot 2024-02-13 at 11.34.29 AM.png

Once the page reloads, click 'Edit' in the top section of provisioning and choose what options you'd like Sendoso to handle.

Screenshot 2024-02-13 at 11.43.06 AM.png

Click 'Save' and you're done!

Be sure you let us know in your support request that you've chosen to enable SCIM.

Additional details about provisioning with Sendoso x Okta:

The following SAML attributes are supported -

Attribute Name Value
user_name

user.userName

email user.email
givenName user.firstName
familyName

user.lastName

userType user.userType
division user.divison


The division attribute (team in Sendoso), should be an exact match to the team name in Sendoso.

The userType attribute (role in Sendoso), can be any of the following: admin, department_admin, manager, or sender (all lowercase).

When using SCIM, if no values are added for userType, Sendoso will default to the lowest permission set (sender). In the event division doesn't have a value, the user will not be provisioned to any team in Sendoso and you will have to manually add them to a team.

If you elect to use just-in-time and no value is passed for userType, Sendoso will default to the lowest permission set (sender). If the division attribute is missing, Sendoso will default to a team that is chosen by you (be sure to include that in your support ticket).

 

 

Was this article helpful?

2 out of 2 found this helpful

Have feedback about this article? Click here to share your thoughts.