Setting up SSO with Okta

Validaide supports Single Sign-On (SSO) with Okta. Setting up SSO with Okta in Validaide is 'self-service', meaning that an Administrator can configure SSO using Okta themselves in the 'Administration' section of Validaide.

  Please note the following:

- In order to set up SSO using Okta, you will need to add Validaide as an application to your Okta tenant. If you do not have access to Okta yourself, you will need to reach out to your IT department and ask them for support. You can provide the URL of this article to them for assistance, as it contains the Domain and Redirect URI that they will require.

- Once you enable SSO, all users of your company can no longer log in using their original Validaide credentials. If somehow the SSO setup is incorrect, your users will not be able to log in to Validaide and you yourself might lose access as well. If this happens, you can reach out to support@validaide.com so we can help troubleshoot the problem or disable SSO for you.

Technical Implementation

Validaide uses a 3rd party service called Auth0 for authenticating users in Validaide and the SSO implementation of Validaide is built around Auth0's concept of 'Enterprise Connections'. More information about Auth0 Okta Enterprise Connections can be found here.

Process

The process to configure SSO using Okta consists of the following steps:

1. Okta: Create an Application for Validaide
2. Validaide: Enable SSO with Okta
3. Validaide: Test SSO

In order for the SSO integration to be established, at the end of this step the following information is required:

• Domain 
  (the domain of your company e.g. 'acme.com')
• Identity Provider Domains 
  (a comma-separated list of domains, e.g. 'acme2.com,new-acme.com')

As input, you will need to use the following information from the Validaide application:

• Domain: validaide.eu.auth0.com
• Redirect URI: https://validaide.eu.auth0.com/login/callback

Step 1: Okta: Create an Application for Validaide

1. Log in to Okta, typically this is achieved by navigating to https://www.okta.com/  
2. Navigate to the menu 'Applications', you should see the overview of all applications 
    
    
3. Press the button 'Create App integration', in the following screen pick the options 'OIDC - OpenID Connect' and 'Web Application' 
   
4. Press the button 'Next'
5. In the 'New Web App Integration' screen, input the name 'Validaide' and input in the 'Sign-in redirect URIs' the value https://validaide-dev.eu.auth0.com/login/callback  
   
6. In the 'Assignments' section you can decide how to control the access base on groups, if needed. This choice is up to the organization 
   
7. Press 'Save', you will be redirected to the Applications page
8. Open the Validaide application and take note of the following information, they will be used in the next step: 
   
   • Client (or Application) ID 
     (the unique identifier of Validaide in Okta e.g. 'xxxripudJNSPNSU697')
   • Client Secret 
     (a secure string e.g. 'xxx6fiMVCzaysJsqj589qQ4iqtBjp9C8rwuJgZ8lJXHg3ifJAJu63TmB')  

Step 2: Enable SSO with Okta in Validaide

1. Log in to Validaide on https://app.validaide.com/login
2. Navigate to the Administration menu using the cog wheel icon in the top menu
3. Click on the 'Single Sign-on (SSO)' menu under 'Tenant Configuration' 
    
    
    NOTE: SSO is an enterprise feature, if the menu is not visible, it means the SSO module is not enabled for your company, please contact support@validaide.com for pricing information.

   4. Press the 'Okta' button, a dialog will open called 'Configure Okta'

   5. Fill in the fields as follows:

1. Domain: The primary domain of the Okta of your organization, e.g. 'acme.com'
2. Client ID: The Client (or Application) ID you noted before
3. Secret: The Secret Value that you noted before
4. Additional Domains (optional): Here you can fill in any additional domains of your organization 
    
    

   6. Press the 'Save' button, the SSO setup will be configured

 NOTE: It is best to not log out of Validaide until you have confirmed SSO is working!

Step 7: Test SSO

A good way to test SSO is to do this using a different browser or a private browser tab. The user enabling SSO should remain logged in so they can disable the SSO if for some reason it is not working. Alternatively, you can go through the process together with a colleague or someone from your IT department.

1. Once SSO is enabled, open a different browser, or if you do not have a different browser, open a 'private browsing' tab, so you do not interrupt your current session and you remain logged in.
2. Navigate to the login page of Validaide at https://app.validaide.com/login
3. Type in your E-mail address: if SSO is configured correctly, Validaide will detect your company's domain and the login screen will change dynamically be removing the password field and telling you 'Single Sign-on is Enabled', as seen below:

   4. Press the 'Log In' button: you should now be redirected to the login of your company, and once you have identified yourself, gain access to Validaide.

NOTE: Users added to Okta are not automatically created in Validaide. The SSO connection will only become active once the user logs in to Validaide for the first time.

Troubleshooting

It may happen that SSO is not working after you have configured it. If this is the case, the first step is to work with your IT department to determine if the setup was performed correctly and there are no errors in the Okta audit trail. For example, not setting the Redirect URI or providing the right permissions will result in the SSO not working correctly.

If you cannot get the SSO to work after debugging, contact support@validaide.com and we will provide assistance.