Set Up Guide for Okta SSO

Set up SSO (single sign-on) with Okta.

📝 Please note:

  1. SSO integrations are only available under select subscriptions. Reach out to support directly to see if your plan qualifies. 📧

  2. You will still need to add people to your Trainual account in order for them to be active in your account and for the SSO login to be effective.

Learn how to add new teammates here!

📕 Step 1

Connect Trainual as a new application within your Okta dashboard.

  1. Click “Applications” in the side navigation of your Okta dashboard.

  2. Click “Create app integration.”

  3. Select “OIDC - OpenID Connect” as the sign-on method.

  4. Select the “Web application” type.

  5. Click “Next.”

You'll then be led to application settings:

  1. Name: Put “Trainual” (or whatever makes sense for you).

  2. Sign-in Redirect URI: Copy and paste: https://app.trainual.com/users/auth/oktaoauth/callback

    🚨 If you are using a custom domain for your Trainual account, you will need to add the custom domain redirect URL in addition to the original Trainual redirect URL noted above.

    ➡ Custom Domain URL: https://app.whatever-custom-domain-it-is.com/users/auth/oktaoauth/callback

  3. Sign-out Redirect URI: Skip/clear this field. Trainual does not currently support the sign-out redirect flow.

  4. Base URI: Skip/clear this field as well unless this criterion applies to your account setup. If it does apply, add URI(s) as necessary.

  5. Assignments: If you have already created custom groups in Okta, feel free to add those groups here. If not, select “Allow everyone in your organization to access.”

  6. Click “Save.”
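
A check for the settings above, added here as an example (it is not Trainual's or Okta's code): it audits an app-integration object against the values this guide gives and flags redirect URIs that are missing, unexpected, or only nearly right. The function names, `SAMPLE_APP`, and the host `training.example.com` are hypothetical, and the field names assume the shape of an Okta Apps API app object.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/users/auth/oktaoauth/callback"  # from the guide
DEFAULT_HOST = "app.trainual.com"                 # from the guide

def expected_redirect_uris(custom_host=None):
    """Redirect URIs the guide says to register (custom host is optional)."""
    hosts = [DEFAULT_HOST] + ([custom_host] if custom_host else [])
    return {f"https://{h}{CALLBACK_PATH}" for h in hosts}

def audit_app(app, custom_host=None):
    """Return findings; an empty list means the app matches the guide."""
    findings = []
    oauth = app.get("settings", {}).get("oauthClient", {})
    if app.get("signOnMode") != "OPENID_CONNECT":
        findings.append("sign-on method is not OIDC")
    if oauth.get("application_type") != "web":
        findings.append("application type is not 'web'")
    registered = set(oauth.get("redirect_uris", []))
    expected = expected_redirect_uris(custom_host)
    known_hosts = {urlsplit(u).hostname for u in expected}
    for uri in sorted(expected - registered):
        findings.append(f"missing redirect URI: {uri}")
    for uri in sorted(registered - expected):
        parts = urlsplit(uri)
        why = "unexpected"
        if parts.scheme != "https":
            why = "non-HTTPS"
        elif "*" in uri:
            why = "wildcard"
        elif parts.hostname in known_hosts:
            why = "near-miss (must match exactly)"
        findings.append(f"{why} redirect URI: {uri!r}")
    if oauth.get("post_logout_redirect_uris"):
        findings.append("sign-out redirect URI is set; the guide says to clear it")
    return findings

# Constructed sample (not real data); field names assume Okta's Apps API app object.
SAMPLE_APP = {
    "signOnMode": "OPENID_CONNECT",
    "settings": {"oauthClient": {
        "application_type": "web",
        "redirect_uris": ["https://app.trainual.com/users/auth/oktaoauth/callback/"],
        "post_logout_redirect_uris": ["https://app.trainual.com/"],
    }},
}

if __name__ == "__main__":
    print(*audit_app(SAMPLE_APP, custom_host="training.example.com"), sep="\n")
```

The sample registers the callback with a trailing slash, so the audit reports both expected URIs as missing and the registered one as a near-miss.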

📕 Step 2

Next, you'll be redirected to a page in your Okta dashboard that provides the client ID, client secret, and Okta domain.

🚨 Don't close this page, or you will lose the client secret!

 

In a new browser tab, head to your Trainual account to connect Okta as an integration.

Note: Make sure to log into Trainual as an admin.

 

  1. Expand the Account options from the left-hand navigation menu and choose "Integrations."

  2. Search and select “Okta.”

  3. Click “Connect Your Okta account.”

  4. Copy over the client ID, client secret, and Okta domain from your open Okta tab and paste them into the corresponding fields in the Trainual form.

  5. Click “Submit.”

 

📝 Please note: If the integration is successfully connected, you'll see two buttons appear on the Okta integrations page within Trainual: "View integrations" and "Deactivate integration."

To test the single sign-on with Okta:

Sign out of your Trainual account. Then, head back to the login page. You should now see a “Sign in with Okta” button.

 

 

If you don't see this button, try clearing your browser history and refreshing your page.

👉 Click Sign in with Okta to authenticate with your Okta credentials.

📝 Please note: When you log in using the Okta integration, you'll be prompted to authenticate using your Okta credentials. After that, you will automatically be signed on via Okta when you return to Trainual. If you'd like to add additional users to Okta, proceed to step 3!

(As Needed) Adding users to your Okta dashboard

Steps 3 through 5 outline how to add users to your Okta dashboard so that they can utilize the Trainual-Okta SSO integration.

📕 Step 3

Log in to Okta as an “Administrator” here.

📗 Step 4

Add a user in Okta.

  1. In the Okta admin console, click “Directory” from the side navigation.

  2. Click “People.”

  3. Click “Add person.”

 

A form will populate that looks like this:

 

 

Fill in the following fields:

3. User type: User

4. First name

5. Last name

6. Username: the user's email

7. Groups: This can be skipped unless you've personally added groups in Okta.

8. Password: Set by user.

9. Check the box: Send user activation email now.

10. Click “Save.”

📘 Step 5

The user will receive a welcome email from Okta that looks like the following example:

 

The email includes:

  1. A link to activate Okta

  2. User's email (username)

  3. Organization's direct sign-in page

Okta activation links expire 7 days after they’re sent. Users must set their own password before the link expires.

🚧 If the setup does not work, you must retry these steps from the beginning. Double-check your Client Secret to ensure it is entered correctly.

To Enable SSO Only:

  1. The billing admin or admin will go to the Account "Settings" page

  2. At the bottom of the page, toggle on the "Require login via SSO" option

  3. The update will refresh the page and automatically save

If you have additional questions, please feel free to email support@trainual.com.