Single Sign On - Okta Set-up

Step-by-step tutorial

1. Retrieve the required information from your Declaree administration

Log into your Declaree instance as an administrator.

Navigate to Admin > Single Sign-On.

Go to the General tab

Single Sign-On - General tab a. Enter a required subdomain value. You can use your domain name for example. Make a note of this value. b. Enter your email domain value.

4. Go to the SAML tab

Single Sign-On - SAML tab

Check the Activate SAML 2.0 box.

Click on Download the federation metadata.

Open the downloaded federation metadata XML file.

2. Configure Okta

Log into your Okta instance as an administrator.

Navigate to Applications > Applications.

Click on Create App Integration

OKTA Applications a. In the popup, select SAML 2.0

b. Then click on Next

4. In the Create SAML Integration page, in the General Settings tab Okta - New SAML - General Settings a. Fill in App name field, with “Declaree” for example

b. You can upload the Declaree logo (optional).

c. Click on Next

4. In the Create SAML Integration page, in the Configure SAML tab

Okta - New SAML - Configure SAML

a. Fill in the Single sign on URL field with the AssertionConsumerService Location you can find in the federation metadata XML file downloaded in step 1.4.b.
It should be an url like https://mydomain.declaree.com/saml/sp/acs or https://mydomain.declaree.de/saml/sp/acs

b. Fill in the Audience URI (SP Entity ID) field within the EntityDescriptor entityID you can find in the federation metadata XML file downloaded in step 1.4.b.
It should be an url like https://saml.declaree.com or https://saml.declaree.de

c. If you are not using your email address as Okta username, select Email in the Application username field.

d. Click on Next.

6. In the Create SAML Integration page, in the Feedback tab

Okta - New SAML - Feedback

a. Select I'm an Okta customer adding an internal app for the question Are you a customer or partner?

b. Click on Finish.

7. You’re redirected to the Declaree integration page, in the Sign On tab. Scroll down and click on View SAML setup instructions. It will open a new page, keep it open.

8. Go to the Assignments tab and assign Declaree to the people/groups that will need to access it.

3. Fill in the Declaree SSO SAML form

Log into your Declaree instance as an administrator.

Navigate to Admin > Single Sign-On.

Go to the SAML tab

Single Sign-On - SAML tab

a. To fill in the Federation metadata URL field, build an URL following these steps

Copy the Identity Provider Single Sign-On URL value from the page opened in step 2.7.

Remove the content between “/” after the “app”. It should be an aggregation of the name of your company and the name of the integration, something like mycompany_declaree

Add “/metadata” at the end of the URL.

You should obtain an URL like https://mycompany/app/som3l3tt3rsandnumb3rs/sso/saml/metadata https://mycompany/app/som3l3tt3rsandnumb3rs/sso/saml/metadata

b. Check the Automatically update box for an automatic update of the settings based on metadata.

c. Fill in the IdP SSO login URL field with the Identity Provider Single Sign-On URL value from the page opened in step 2.7.

d. Fill in the Issuer ID field with the Identity Provider Issuer value from the page opened in step 2.7.

e. Keep Persistent selected for the NameID format field.

f. Download the certificate from the page opened in step 2.7 and upload it in Signing Certificate.

g. Click on Save.

It should be done!

Test by going to your subdomain mydomain.declaree.com or mydomain.declaree.de and login with SSO.

Step-by-step tutorial

1. Retrieve the required information from your Declaree administration

2. Configure Okta

3. Fill in the Declaree SSO SAML form

4. Login