Back to TravelPerk Contact us Request demo

Articles in this section

See more

How can I set up SSO with Okta (SAML)?

  • Updated

What you'll learn in this article: If your company uses Okta as an identity provider under SAML 2.0, you can easily set up SSO on your own. 

Setting up a new SSO integration for Okta with SAML

Who can set up this feature?
  • You need to have admin rights in both TravelPerk and Okta to be able to set this up
  • Both TravelPerk and Okta need to be open and accessible to finalize the integration

To configure a new SSO integration, follow these steps:

  1. Go to Company settings > Integrations > SSO
  2. Click on Set up
  3. Click on SAML and create a New integration

Screenshot_2020-11-11_at_13.30.49.png

Once you've created a New integration, you'll need to configure it:

  1. Open your Okta Admin Console →Applications → Add ApplicationCreate New App
    Screenshot_2020-11-17_at_11.42.57.png

    Screenshot_2020-11-17_at_11.44.49.png
  2. Choose Web and Sign on Method SAML 2.0
    Screenshot_2020-11-17_at_16.10.03.png
  3. Complete the General Settings as you wish. Give your new SAML app a name, upload a logo, everything to recognize your TravelPerk app. Click on Next
    Screenshot_2020-11-17_at_16.21.46.png

From your TravelPerk to your Okta App configuration:

  1. Copy SP Assertion Consumer Service URL and paste it in Single sign-on URL (keep the Recipient URL and Destination URL checked)
  2. Copy SP entity ID and paste it in Audience URI (SP Entity ID)
    Screenshot_2020-11-11_at_20.16.22.png
  3. Add the attribute mapping inside ATTRIBUTE STATEMENTS (OPTIONAL). Capitals and punctuation signs are important. Where:
    Name value
    User.FirstName user.firstName
    User.LastName user.lastName
    User.email user.email
  4. Be sure to have Assertion Encryption set to Unencrypted in Advanced settings
    Step 2. Configure SAML should look like this
    image__2___1_.webp
  5. Click Next
  6. Confirm "I'm an Okta customer adding an internal app" and click Finish
    Screenshot_2020-11-17_at_16.49.03.png
  7. On the next screen click on View Setup InstructionsScreenshot_2020-11-17_at_16.56.00.png

From Okta to TravelPerk configuration:

  1. Copy Identity Provider Single Sign-On URL and paste it in IdP SSO service URL
  2. Copy Identity Provider Issuer and paste it in IdP entity ID
  3. Copy X.509 Certificate and paste it in IdP x509 cert

You'll finish setting it up once you click on Create integration in TravelPerk.

 

Remember! You will need to assign users/groups to the app in the Assignments Tab in Okta to let your users access TravelPerk.

 

Optional next steps

There are other features you can take advantage of when enabling SSO for your company. You will find the configuration screen once you have clicked on Create integration and the integration was created successfully:

  • Create users when they sign in. If you ever wonder if all your employees have access to TravelPerk, turn this on and we will create the user on the fly. We won't create a user if the person doesn't have access to the app from Okta.
  • Update users when they sign in. We'll match TravelPerk's information to the information received by the IdP.
  • Customize your sign in button
  • Additionally, you can automate the provisioning and management of the users from Okta: it is possible to create, manage, edit or delete users automatically from Okta. Follow these guidelines for more information!

You can check more information about the Advanced Settings here

Related articles