In order to configure OKTA with PeopleGoal you will need to liaise with your PeopleGoal account manager. They will configure an Enterprise connection for you and pass you the following key attributes:
- Single sign on URL
- Audience URI (SP Entity ID)
You will need to pass back certain values to your representative during this setup process. Let's begin.
Step 1: Add an application in your OKTA admin console
In your OKTA admin account click on 'Applications' in the navigation menu. Then click 'Add application', and then the 'Create new app' button:
Select 'Web' platform and use the SAML 2.0 sign on method:
Proceed with the wizard configuration using the following attributes, and click 'next':
- App name: PeopleGoal
- App logo: Download and save this file
Step 2: Configure SAML
On this page we will configure SAML as shown in the screenshot below.
- Single sign on URL: use the value provided by your account manager
- Audience URI: use the value provided by your account manager
- Name ID format: Select 'unspecified'
- Application username: Select 'email'
- Update application username on: Select 'Create and update'
You will also need to configure an attribute statement as follows:
- Name: email
- Name format: Unspecified
- Value: user.email
Click 'next to proceed' to the Feedback section.
Select 'I am an OKTA customer adding an internal app':
Click 'Finish' to proceed.
Step 3: Provide setup instructions to PeopleGoal
Now that the application has been created you will need to pass some details on to your account manager to complete the configuration. Click on 'View Setup Instructions'.
From the next screen you will need to pass the following to your account manager:
- Identity provider single sign-on URL
- X.509 certificate (please download this file and attach to an email)
Please forward this information to your account manager who will complete the connection setup.
Step 4: Test the connection
Now that you've added the application in OKTA you will need to assign it to your users as you see fit. Once you've assigned the application you can test it from 'My apps'. If you have any questions at this stage please discuss with your account manager.