Contents x
    SAML SSO integration with Okta
    • 20 Apr 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Contents

    SAML SSO integration with Okta

    • Updated on 20 Apr 2023
    • 2 Minutes to read
    • Print
    • Dark
      Light
    Article Summary

    SAML SSO availability

    The SAML SSO integration is only available on the Enterprise plan.

    Overview

    This page covers how to create a SAML SSO integration with Preset using Okta as your Identity Provider (IdP).

    Create the integration on Okta

    1. Access the Okta admin portal.

    2. Navigate to Applications > Applications, on the sidebar.
      Okta_sidebar.png

    3. Click on Browse App Catalog.

    Okta_App_Catalog.png

    1. Search for Preset.

    Okta_Catalog_Search.png

    1. Click on Add Integration.

    Add_Integration_Button.png

    1. Configure the application name and visibility.

    General_Settings.png

    1. You'll be redirected to the application. Navigate to the Sign On tab.

    Sign_On_Tab.png

    1. Click on View SAML setup instructions, next to the SAML Signing Certificates.

    SAML_Instructions.png

    Engage with the Preset Support team

    Send the metadata link from the instructions page to us by opening up a support ticket via the Preset Support Portal:

    Metadata_URL.png

    Also specify which domain(s) should be enforced with your SSO integration.

    Admin approval

    The SSO integration will be enforced to all accounts from your domain(s). This means that all users from your domain(s) that use Preset need to be properly configured and assigned to the Preset application in your IdP.

    To mitigate impact, the integration needs to be approved by an admin of your Preset team. If you are not a Team Admin, share the support ticket with one so they can approve the implementation.

    The Preset team will create the integration and provide a Connection ID. To configure it on Okta:

    1. Access the app created for the integration, on the Okta admin portal.

    2. Navigate to the Sign On tab.

    3. Click on Edit, next to the Settings.

    Edit_Connection_ID.png

    1. Fill the Connection ID, under Advanced Sign-on Settings.

    Connection_ID.png

    1. Under Credentials Details, set the Application username format as Custom.

    2. Use user.login as the expression.

    3. Change the Update application username on to Create only.

    SAML_Config.png

    1. Click on Save.

    After updating the configuration, test the integration.

    Important details

    Existing accounts

    If users have already been created in a team before setting up the SSO integration, Preset will merge existing users with the SSO login. For a successful merge, the email sent by the Identity Provider needs to be the same used on Preset side.

    New accounts

    Preset supports just-in-time account creation (JIT Provisioning), meaning that a Preset account is automatically created for a new user authenticating via SSO. However, this account will not be automatically added to an existing Preset team. Instead, a new Team will be created. Make sure to invite new users to your Preset team to prevent this issue.

    Alternatively, implement User Provisioning (SCIM) integration with Okta to automatically push assigned users to your Preset team.

    Testing the integration

    1. Navigate to the Preset log in page.
      Preset_Login.png

    2. Enter your email address and click on Next.

    3. You will be redirected to your IdP to perform the authentication. Once the authentication is successfully finished, your IdP will send you back to Preset.

    4. You'll be prompted to Link accounts - click on RE-AUTHENTICATE.

    Link_Accounts.png

    1. Enter the local password set before the SSO integration, and click on Log in.

    You should be logged into your existing account, with all existing permissions.

    Was this article helpful?
    What's Next