What you'll learn in this article: If your company uses Okta as an identity provider under SAML 2.0, you can easily set up SSO on your own.
Setting up a new SSO integration for Okta with SAML
Who can set up this feature?
- You need to have admin rights in both TravelPerk and Okta to be able to set this up
- Both TravelPerk and Okta need to be open and accessible to finalize the integration
To configure a new SSO integration, follow these steps:
- Go to Company settings > Integrations > SSO
- Click on Set up
- Click on SAML and create a New integration
Once you've created a New integration, you'll need to configure it:
- Open your Okta Admin Console →Applications → Browse App Catalog → Search for "Travelperk"
- Click on Add Integration
- Click on Next
- Click onView Setup Instructions
- From the View Setup Instructions page, copy the IdP entity ID, IdP SSO service URL and IdP x509 cert
- Go back to the TravelPerk app and go to the integration you’ve created in the first step.
- Paste the values you copied into the relevant fields (IdP entity ID, IdP SSO service URL and IdP x509 cert)
- Copy the SP Assertion Consumer Service URL (It should have the format https://tenantId.travelperk.com/accounts/saml2/callback/applicationid/?acs, notice the bold parts tenantid and applicationid)
- Go back to your Okta App configuration, in the advanced settings set the Tenant Id and the Application Id from the link you copied in step 8
- Click on Done
You'll finish setting it up once you click on Create integration in TravelPerk.
Remember! You will need to assign users/groups to the app in the Assignments Tab in Okta to let your users access TravelPerk.
Optional next steps
There are other features you can take advantage of when enabling SSO for your company. You will find the configuration screen once you have clicked on Create integration and the integration was created successfully:
- Create users when they sign in. If you ever wonder if all your employees have access to TravelPerk, turn this on and we will create the user on the fly. We won't create a user if the person doesn't have access to the app from Okta.
- Update users when they sign in. We'll match TravelPerk's information to the information received by the IdP.
- Customize your sign in button
- Additionally, you can automate the provisioning and management of the users from Okta: it is possible to create, manage, edit or delete users automatically from Okta. Follow these guidelines for more information!
You can check more information about the Advanced Settings here