What you'll learn in this article: If your company uses Okta as an identity provider under SAML 2.0, you can easily set up SSO on your own.
Setting up a new SSO integration for Okta with SAML
- You need to have admin rights in both TravelPerk and Okta to be able to set this up
- Both TravelPerk and Okta need to be open and accessible to finalize the integration
To configure a new SSO integration, follow these steps:
- Go to Company settings > Integrations > SSO
- Click on Set up
- Click on SAML and create a New integration
Once you've created a New integration, you'll need to configure it:
- Open your Okta Admin Console →Applications → Add Application → Create New App
- Choose Web and Sign on Method SAML 2.0
- Complete the General Settings as you wish. Give your new SAML app a name, upload a logo, everything to recognize your TravelPerk app. Click on Next
From your TravelPerk to your Okta App configuration:
- Copy SP Assertion Consumer Service URL and paste it in Single sign-on URL (keep the Recipient URL and Destination URL checked)
- Copy SP entity ID and paste it in Audience URI (SP Entity ID)
- Add the attribute mapping inside ATTRIBUTE STATEMENTS (OPTIONAL). Capitals and punctuation signs are important. Where:
Name value User.FirstName user.firstName User.LastName user.lastName User.email user.email
- Be sure to have Assertion Encryption set to Unencrypted in Advanced settings
Step 2. Configure SAML should look like this
- Click Next
- Confirm "I'm an Okta customer adding an internal app" and click Finish
- On the next screen click on View Setup Instructions
From Okta to TravelPerk configuration:
- Copy Identity Provider Single Sign-On URL and paste it in IdP SSO service URL
- Copy Identity Provider Issuer and paste it in IdP entity ID
- Copy X.509 Certificate and paste it in IdP x509 cert
You'll finish setting it up once you click on Create integration in TravelPerk.
Remember! You will need to assign users/groups to the app in the Assignments Tab in Okta to let your users access TravelPerk.
Optional next steps
There are other features you can take advantage of when enabling SSO for your company. You will find the configuration screen once you have clicked on Create integration and the integration was created successfully:
- Create users when they sign in. If you ever wonder if all your employees have access to TravelPerk, turn this on and we will create the user on the fly. We won't create a user if the person doesn't have access to the app from Okta.
- Update users when they sign in. We'll match TravelPerk's information to the information received by the IdP.
- Customize your sign in button
- Additionally, you can automate the provisioning and management of the users from Okta: it is possible to create, manage, edit or delete users automatically from Okta. Follow these guidelines for more information!
You can check more information about the Advanced Settings here