To set up Sendoso with Okta, you'll need to add the Sendoso application in Okta by following the steps below. Once you have these completed, connect with our team to finish the setup!
Supported Features:
- SP-initiated SSO
- IdP-initiated SSO
- Just-in-Time Provisioning
- SCIM Provisioning
Configuring Okta
*Note - in a few steps, you'll need to define a unique connection name. We'll use your company name (ex. sendoso, okta, auth0), however, since these are unique it can't be the same as another connection. If you're concerned about potential overlap or you've migrated to a new Okta instance please connect with our support team first.*
From the Okta Admin Dashboard, click Applications, then Browse App Catalog.
Next, search for Sendoso and click on the Sendoso SAML option.
Then hit, + Add Integration.
Review the application label field, by default it will be Sendoso (this is what Okta users will see). Then hit Done.
After clicking done, navigate to the 'Sign On' tab, and click 'Edit' under Settings.
Scroll down to the 'Advanced Sign-on Settings' section, and in the Connection field input your company's name in all lowercase letters (ex. auth0, okta, sendoso) then hit save.
After hitting save, scroll back up, and under the SAML 2.0 section, click "More Details."
Copy the Sign On URL & Download the Signing Certificate.
Finally, please contact our support team to complete the setup by choosing SSO and Complete Set Up on your support request.
Be sure to include the following:
- Connection Name (the one you put in the 'connection' field):
- Sign-in URL (Copied from the step above):
- Signing Cert that was downloaded (you can attach this file when submitting the support request)
That's it! The Sendoso team will assist in completing the setup from this point.
Provisioning
If you wish to provision users, please read below. Once you have determined which method is right for you, please include that in your support request!
Here are the details for each method:
Just-in-Time Provisioning -
Sendoso will create the user from Okta when they click on the assigned application for the first time. No updates or deletions will be handled via this method.
SCIM Provisioning -
Sendoso will create the user immediately once the tile is assigned. After that, any updates to the user's profile in Okta will push to Sendoso (ie. a change to their division attribute). This method will also de-provision a user if they are removed from the application in Okta.
To get set up with SCIM, navigate to the 'Provisioning' tab and click 'Configure API Integration.'
Next, click the checkbox to Enable API Integration and then the 'Authenticate with Sendoso' button.
A pop-up will appear asking you to log in (if not already). Once you do that, hit the green button to allow Okta x Sendoso.
Once authenticated, press save.
Once the page reloads, click 'Edit' in the top section of provisioning and choose what options you'd like Sendoso to handle.
Click 'Save' and you're done!
Be sure you let us know in your support request that you've chosen to enable SCIM.
Additional details about provisioning with Sendoso x Okta:
The following SAML attributes are supported -
Attribute Name | Value |
user_name |
user.userName |
user.email | |
givenName | user.firstName |
familyName |
user.lastName |
userType | user.userType |
division | user.divison |
The division attribute (team in Sendoso), should be an exact match to the team name in Sendoso.
The userType attribute (role in Sendoso), can be any of the following: admin, department_admin, manager, or sender (all lowercase).
When using SCIM, if no values are added for userType, Sendoso will default to the lowest permission set (sender). In the event division doesn't have a value, the user will not be provisioned to any team in Sendoso and you will have to manually add them to a team.
If you elect to use just-in-time and no value is passed for userType, Sendoso will default to the lowest permission set (sender). If the division attribute is missing, Sendoso will default to a team that is chosen by you (be sure to include that in your support ticket).