This guide will walk you through the steps to configure Single Sign-On between Okta and ALTR. It is written for someone with Super Administrator privileges to follow.
You must meet the following requirements to configure SSO for Okta:
Your organization must currently subscribe to our ALTR Enterprise Plus tier plan
You must have Super Administrator privileges
You must have administrator access to your Identity Service Provider (Okta) account
Follow the steps below to configure SSO for Okta and ALTR.
First, create a new Okta application to connect with ALTR by clicking the Create App Integration button shown in figure 1. When prompted, choose to create a SAML application.
Set the application information in the first page to your desired values.
On the second page of the Okta app creation flow, pause to visit the ALTR UI. You will need the ALTR SP Metadata file to continue. You can view the ALTR SP Metadata file by clicking the Copy button on the SSO Configuration page (shown in figure 2) and opening that link in a new tab or window. You can also click Download on the ALTR SP Metadata file to your computer and open it in a text editor or reader application of your choice.
Once you are viewing the ALTR SP Metadata file (see figure 3a), you will need to copy the EntityID and Location values into the appropriate fields (see figure 3b).
Make sure the Use this for recipient URL and Destination URL checkbox of the Okta interface is ticked that's shown in figure 3b.
Click Next, set any desired values on the third page, and then click Finish (figure 4).
(Optional but recommended) Assign your users and groups as desired to this new application so they can access the ALTR UI.
Visit the Sign On tab of this new Okta application if you are not already there (figure 5).
Under the Metadata Details section, click the Copy button underneath your Metadata URL shown in figure 6. Paste this into the ALTR UI SSO Configuration Page field and choose the Okta radio option.
Click Enable on the ALTR SSO Configuration Page.
Frequently Asked Questions
Question: Now that I've enabled SSO why can't my users log in?
Answer: We will do matching on the username field and there's a requirement that users have an identity with a matching username on both sides (ALTR and their Identity Provider).
Thank you! We appreciate your feedback.
Oops! Something went wrong while submitting the form.