📝 Please note:
This setup guide is for Scale accounts only.
You will still need to add people to your Trainual account in order for them to be active in your account and for the SSO login to be effective.
Learn how to add new teammates here!
📕 Step 1
Connect Trainual as a new application within your Okta dashboard.
Click “Applications” in the side navigation of your Okta dashboard.
Click “Create app integration.”
Select “OIDC - OpenID Connect” as the sign-on method.
Select the “Web application” type.
You'll then be led to application settings:
Name: Put “Trainual” (or whatever makes sense for you).
Sign-in Redirect URI: Copy and paste. https://app.trainual.com/users/auth/oktaoauth/callback
🚨 If you are using a custom domain for your Trainual account, you will need to add the custom domain redirect URL in addition to the original Trainual redirect URL noted above.
➡ Custom Domain URL: https://app.whatever-custom-domain-it-is.com/users/auth/oktaoauth/callback
Sign-out Redirect URI: Skip/clear this field. Trainual does not currently support the sign-out redirect flow.
Base URI: Skip/clear this field as well unless this criterion applies to your account setup. If it does apply, add URI(s) as necessary.
Assignments: If you have already created custom groups in Okta, feel free to add those groups here. If not, select “Allow everyone in your organization to access.”
📕 Step 2
Next, you'll be redirected to a page in your Okta dashboard that provides the client ID, client secret, and Okta domain.
🚨Don't close this page, you will lose the Client Secret!
In a new browser tab, head to your Trainual account to connect Okta as an integration.
Note: Make sure to log into Trainual as an admin.
Expand the Account options from the left-hand navigation menu and choose "Integrations."
Search and select “Okta.”
Click "Connect Your Okta account.”
Copy over the client ID, client secret, and Okta domain from your open Okta tab and paste them into the correlating fields in the Trainual form.
📝 Please note: If the integration is successfully connected, you'll see two buttons appear on the Okta integrations page within Trainual: "View integrations" and "Deactivate integration."
To test the single sign-on with Okta:
Sign out of your Trainual account. Then, head back to the login page. You should now see a “Sign in with Okta” button.
If you don't see this button, try clearing your browser history and refresh your page.
👉 Click Sign in with Okta to authenticate with your Okta credentials
📝 Please note: When you log in using the Okta integration, you'll be prompted to authenticate using your Okta credentials. After that, you will automatically be signed on via Okta when they return to Trainual. If you'd like to add additional users to Okta, proceed to step 3!
(As Needed) Adding users to your Okta dashboard
Steps 3 through 5 outline how to add users to your Okta dashboard so that they can utilize the Trainual-Okta SSO integration.
📕 Step 3
Log in to Okta as an “Administrator” here.
📗 Step 4
Add a user in Okta.
In the Okta admin console, click “Directory” from the side navigation.
Click “Add person.”
A form will populate that looks like this:
Fill in the following fields:
3. User type: User
4. First name
5. Last name
6. Username = users email
7. Groups: This can be skipped unless you've personally added groups in Okta.
8. Password: Set by user.
9. Check the box: Send user activation email now.
10. Click “Save.”
📘 Step 5
The user will receive a welcome email from Okta that looks like the following example:
The email includes:
A link to activate Okta
User's email (username)
Organizations' direct sign-in page
Okta activation links expire 7-days after they’re sent. Users must set their own password before the link expires.
🚧 If the setup does not work, you must retry these steps from the beginning. Double-check your Client Secret to ensure it is entered correctly.
To Enable SSO Only:
The billing admin or admin will go to the Account "Settings" page
At the bottom of the page, toggle on the "Require login via SSO" option
The update will refresh the page and automatically save
If you have additional questions, please feel free to email firstname.lastname@example.org.