All Collections
Integrations
Set Up Guide for Okta SSO
Set Up Guide for Okta SSO

Setup SSO (single sign on) with Okta.

Cindy Bellers avatar
Written by Cindy Bellers
Updated over a week ago

📝 Please note:

  1. SSO integrations are only available under select subscriptions. Reach out to support directly to see if your plan qualifies. 📧

  2. You will still need to add people to your Trainual account in order for them to be active in your account and for the SSO login to be effective.

📕 Step 1

Connect Trainual as a new application within your Okta dashboard.

  1. Click “Applications in the side navigation of your Okta dashboard.

  2. Click “Create app integration.

  3. Select “OIDC - OpenID Connect” as the sign-on method.

  4. Select the “Web application” type.

  5. Click Next.

You'll then be led to application settings:

  1. Name: Put “Trainual” (or whatever makes sense for you).

  2. Sign-in Redirect URI: Copy and paste. https://app.trainual.com/users/auth/oktaoauth/callback

    🚨 If you are using a custom domain for your Trainual account, you will need to add the custom domain redirect URL in addition to the original Trainual redirect URL noted above.

  3. Sign-out Redirect URI: Skip/clear this field. Trainual does not currently support the sign-out redirect flow.

  4. Base URI: Skip/clear this field as well unless this criterion applies to your account setup. If it does apply, add URI(s) as necessary.

  5. Assignments: If you have already created custom groups in Okta, feel free to add those groups here. If not, select “Allow everyone in your organization to access.”

  6. Click “Save.”

📕 Step 2

Next, you'll be redirected to a page in your Okta dashboard that provides the client ID, client secret, and Okta domain.

🚨Don't close this page, you will lose the Client Secret!

In a new browser tab, head to your Trainual account to connect Okta as an integration.

Note: Make sure to log into Trainual as an admin.

  1. Expand the Account options from the left-hand navigation menu and choose "Integrations."

  2. Search and select “Okta.”

  3. Click "Connect Your Okta account.”

  4. Copy over the client ID, client secret, and Okta domain from your open Okta tab and paste them into the correlating fields in the Trainual form.

  5. Click “Submit.”

📝 Please note: If the integration is successfully connected, you'll see two buttons appear on the Okta integrations page within Trainual: "View integrations" and "Deactivate integration."

To test the single sign-on with Okta:

Sign out of your Trainual account. Then, head back to the login page. You should now see a “Sign in with Okta” button.

If you don't see this button, try clearing your browser history and refresh your page.

👉 Click Sign in with Okta to authenticate with your Okta credentials

📝 Please note: When you log in using the Okta integration, you'll be prompted to authenticate using your Okta credentials. After that, you will automatically be signed on via Okta when they return to Trainual. If you'd like to add additional users to Okta, proceed to step 3!

(As Needed) Adding users to your Okta dashboard

Steps 3 through 5 outline how to add users to your Okta dashboard so that they can utilize the Trainual-Okta SSO integration.

📕 Step 3

Log in to Okta as an “Administrator” here.

📗 Step 4

Add a user in Okta.

  1. In the Okta admin console, click “Directory” from the side navigation.

  2. Click “People.”

  3. Click “Add person.

A form will populate that looks like this:

Fill in the following fields:

3. User type: User

4. First name

5. Last name

6. Username = users email

7. Groups: This can be skipped unless you've personally added groups in Okta.

8. Password: Set by user.

9. Check the box: Send user activation email now.

10. Click “Save.”

📘 Step 5

The user will receive a welcome email from Okta that looks like the following example:

The email includes:

  1. A link to activate Okta

  2. User's email (username)

  3. Organizations' direct sign-in page

Okta activation links expire 7-days after they’re sent. Users must set their own password before the link expires.

🚧 If the setup does not work, you must retry these steps from the beginning. Double-check your Client Secret to ensure it is entered correctly.

To Enable SSO Only:

  1. The billing admin or admin will go to the Account "Settings" page

  2. At the bottom of the page, toggle on the "Require login via SSO" option

  3. The update will refresh the page and automatically save

If you have additional questions, please feel free to email support@trainual.com.

Did this answer your question?