Skip to main content

User Guide: Configuring Single Sign-on (SSO) for Okta

Single Sign-On (SSO) enables ALTR administrators to sign into the ALTR platform without having to remember a separate username, password and two-factor authentication method. Follow the steps below to set up SSO with Entra.

Warning

Once activated, SSO can only be turned off in ALTR by contacting ALTR Support.

Note

This guide was last updated in January 2024. Some of the elements in Okta may have changed since this guide was published.

Prerequisites for Configuring SSO

When enabling SSO, make sure you have

  • Administrator access to your identity provider.

  • An ALTR Enterprise account. SSO is not available for free-tier ALTR customers. For more information, see ALTR's pricing page.

  • Superadministrator access to your ALTR account. If you are unsure what your role is within ALTR, refer to Administrators for more information.

How to Configure SSO with Okta

The following steps outline how to create a new "application" in Okta, which is used to log into ALTR. Your Okta administrator should be familiar with this process.

To configure SSO with Okta:

  1. Create a new Application in Okta.

    1. Sign into the OKTA admin console.

      OKTA_Create_App_Integration.png
    2. Click the Create App Integration button to create a new Okta application.

    3. Set the Sign In method to SAML 2.0. Click Next.

    4. Under General Settings, set a name for the application, such as "ALTR." If you have multiple ALTR accounts, make sure this name is descriptive to the ALTR account you are connecting. Click Next.

  2. Identify the necessary metadata from ALTR to configure SSO.

    1. Log into your ALTR account.

    2. Select SettingsPreferences in the Navigation menu.

    3. Select the SSO tab.

      SSO_Settings.png
    4. Copy the metadata URL and open it in a new tab in your browser.

    5. Identify the "Location" and "Entity ID" fields in the XML file.

      ALTR_metadata_file.png
  3. Configure the necessary SSO settings in Okta.

    1. Copy the Location field from ALTR's metadata file and paste it in the Single sign-on URL field in Okta.

      OKTA_SSO_Settings.png
    2. Select the Use this for Recipient URL and Destination URL checkbox.

    3. Copy the Entity ID field from ALTR's metadata file and paste it in the Audience URL (SP Entity ID) field in OKTA.

    4. Ensure that the Application username field is set to Okta Username. Click Next.

    5. On the "Create SAML Integration Page", select I'm an Okta customer adding an internal app with Okta. Click Finish.

  4. Provision your ALTR administrators to your Okta application.

    1. In Okta, navigate your ALTR application and select the Assignments tab.

    2. Identify yourself in the list of assigned users. Your Username is in the field below your name and is typically in gray.

    3. In ALTR, select SettingsAdministrators in the Navigation menu and find your Username.

    4. Ensure that your ALTR Username exactly matches your Username in Okta. This match is case sensitive. If your Username in ALTR does not exactly match your Okta Username, you will not be able to sign into ALTR.

      OKTa_Admin_Assignments.png

      Notice

      If your ALTR Username does not match, you have two options:

      • Create a new ALTR account using the correct Username.

      • Override the Username in Okta for this integration. When assigning the user, copy your Username from ALTR and paste it into the Username field in Okta. This override only affects your login for ALTR; it does not change any of your other tools.

    5. Repeat these steps for each of your ALTR administrators.

  5. Configure SSO in ALTR.

    1. In Okta, navigate to the Sign On tab for your application. Copy the Metadata URL.

    2. In ALTR, select SettingsPreferences in the Navigation menu. Select the SSO tab. Paste the metadata URL into the SSO Provider's Metadata URL field.

      ALTR_SSO_Settings.png
    3. Select the Okta checkbox and click the Enable SSO button.

      Important

      Do not close your window or sign out of ALTR yet.

    4. Once ALTR has successfully configured SSO, keep your current window open, open an incognito window or a different browser, and sign into your ALTR account. Do not sign out of ALTR on your main window until you have confirmed you can sign into ALTR on the second window.

      Note

      If you are unable to log into the second window, create a new Administrator account in ALTR with a Username that exactly matches (it is case sensitive) your unique identifier in your identify provider (IdP). For Okta, this is typically your Username.

    5. Once you have successfully logged into ALTR through SSO, you can sign out of ALTR or close your browser.