Set Up Guide for Okta SSO

Set up SSO (single sign-on) with Okta.

πŸ“ Please note:

  1. SSO integrations are only available under select subscriptions. Reach out to support directly to see if your plan qualifies. πŸ“§

  2. You will still need to add people to your Trainual account in order for them to be active in your account and for the SSO login to be effective.

Learn how to add new teammates here!

πŸ“• Step 1

Connect Trainual as a new application within your Okta dashboard.

  1. Click β€œApplications” in the side navigation of your Okta dashboard.

  2. Click β€œCreate app integration.”

  3. Select β€œOIDC - OpenID Connect” as the sign-on method.

  4. Select the β€œWeb application” type.

  5. Click β€œNext.”

You'll then be led to application settings:

  1. Name: Put β€œTrainual” (or whatever makes sense for you).

  2. Sign-in Redirect URI: Copy and paste. https://app.trainual.com/users/auth/oktaoauth/callback

    🚨 If you are using a custom domain for your Trainual account, you will need to add the custom domain redirect URL in addition to the original Trainual redirect URL noted above.

    ➑ Custom Domain URL: https://app.whatever-custom-domain-it-is.com/users/auth/oktaoauth/callback

  3. Sign-out Redirect URI: Skip/clear this field. Trainual does not currently support the sign-out redirect flow.

  4. Base URI: Skip/clear this field as well unless this criterion applies to your account setup. If it does apply, add URI(s) as necessary.

  5. Assignments: If you have already created custom groups in Okta, feel free to add those groups here. If not, select β€œAllow everyone in your organization to access.”

  6. Click β€œSave.”

πŸ“• Step 2

Next, you'll be redirected to a page in your Okta dashboard that provides the client ID, client secret, and Okta domain.

🚨Don't close this page, you will lose the Client Secret!

 

In a new browser tab, head to your Trainual account to connect Okta as an integration.

Note: Make sure to log into Trainual as an admin.

 

  1. Expand the Account options from the left-hand navigation menu and choose "Integrations."

  2. Search and select β€œOkta.”

  3. Click "Connect Your Okta account.”

  4. Copy over the client ID, client secret, and Okta domain from your open Okta tab and paste them into the correlating fields in the Trainual form.

  5. Click β€œSubmit.”

 

πŸ“ Please note: If the integration is successfully connected, you'll see two buttons appear on the Okta integrations page within Trainual: "View integrations" and "Deactivate integration."

To test the single sign-on with Okta:

Sign out of your Trainual account. Then, head back to the login page. You should now see a β€œSign in with Okta” button.

 

 

If you don't see this button, try clearing your browser history and refresh your page.

πŸ‘‰ Click Sign in with Okta to authenticate with your Okta credentials

πŸ“ Please note: When you log in using the Okta integration, you'll be prompted to authenticate using your Okta credentials. After that, you will automatically be signed on via Okta when they return to Trainual. If you'd like to add additional users to Okta, proceed to step 3!

(As Needed) Adding users to your Okta dashboard

Steps 3 through 5 outline how to add users to your Okta dashboard so that they can utilize the Trainual-Okta SSO integration.

πŸ“• Step 3

Log in to Okta as an β€œAdministrator” here.

πŸ“— Step 4

Add a user in Okta.

  1. In the Okta admin console, click β€œDirectory” from the side navigation.

  2. Click β€œPeople.”

  3. Click β€œAdd person.”

 

A form will populate that looks like this:

 

 

Fill in the following fields:

3. User type: User

4. First name

5. Last name

6. Username = users email

7. Groups: This can be skipped unless you've personally added groups in Okta.

8. Password: Set by user.

9. Check the box: Send user activation email now.

10. Click β€œSave.”

πŸ“˜ Step 5

The user will receive a welcome email from Okta that looks like the following example:

 

The email includes:

  1. A link to activate Okta

  2. User's email (username)

  3. Organizations' direct sign-in page

Okta activation links expire 7-days after they’re sent. Users must set their own password before the link expires.

🚧 If the setup does not work, you must retry these steps from the beginning. Double-check your Client Secret to ensure it is entered correctly.

To Enable SSO Only:

  1. The billing admin or admin will go to the Account "Settings" page

  2. At the bottom of the page, toggle on the "Require login via SSO" option

  3. The update will refresh the page and automatically save

If you have additional questions, please feel free to email support@trainual.com.