As a Tethr Admin user you can configure SAML 2.0 single sign-on (SSO) using Okta identity provider.
What we'll cover:
-
Configuring Okta IdP for SAML 2.0 SSO
- Add Tethr as a new SAML 2.0 Web application
- Create a SAML integration
- Provide the IdP metadata to Tethr
- Configure SAML SSO for a specific IdP
Before you begin:
Before you can configure SAML 2.0 SSO in Okta, you'll need:
- to be an Administrator of your organization’s Tethr users so you can activate users and test the integration.
- an Okta account with Administrator privileges.
Configuring Okta IdP for SAML 2.0 SSO
This section shows you how to configure the identity provider, Okta, to enable SAML single sign-on in Tethr.
Within Okta you’ll first add Tethr as a new SAML 2.0 Web application. Finally, you’ll set up a SAML integration and provide the IdP metadata to Tethr.
Add Tethr as a new SAML 2.0 Web application
To begin, you’ll need to sign in to your existing Okta identity provider account using your administrative rights.
-
Select Applications from the main menu.
-
On the Applications page, select the Add Application button.
-
Within the Add Applications page, select the Create New App button.
-
You’ll see a Create a new Application Integration pop-up, where you’ll choose Web as the platform.
-
Choose SAML 2.0 as the sign-on method.
-
Then select Create.
Create a SAML integration
-
On the Create SAML integration page under the General Settings tab, you’ll give your App a name and description and upload an optional logo.
a) For the App name, use Tethr.
b) Optional: Download this Tethr logo image to use as the App image:
c) Select Next to configure SAML. - On the Configure SAML tab under General SAML Settings section, enter https://mycompanyname.tethr.com/AuthServices/Acs as your single sign-on URL.
-
Then enter https://mycompanyname.tethr.com/AuthServices as your Audience URI (SP Entity ID).
-
Under the Attribute Statements section:
a) Enter user.id as the Name.
b) Enter user.login as the first Value.
Proceed through to complete the setup process. When you reach the Sign On tab, under Settings in the Sign On Methods section you’ll see a note to View Setup Instructions. -
Select View Setup Instructions.
-
Copy all contents within the Provide the following IDP metadata to your SP provider field, and send this metadata to your Tethr Integrations Specialist.
Provide the IdP metadata to Tethr
To complete SAML SSO configuration for your organization, you'll need to provide Tethr the identity provider (IdP) SAML metadata file you created above, which helps Tethr understand how to communicate with Okta and how to request user authentication.
Forcing SSO by specific email domain
We recommend the organizations who work with Tethr enforce the use of SSO. To enforce SSO in your organization, provide a list of email domains you’d like SSO enforced on to your Tethr Integrations Specialist.
Tethr account activation and sign in experience
When a Tethr user needs to be activated and they’re using SSO, they should utilize the Sign in with Okta button rather than selecting the Activate account button, as shown below:
If you’ve enabled SSO in your organization, your users’ login page will include a Sign in with Okta option as shown below: