In order to proceed with configuring login with SSO through Okta, you must:
- Have access to an Okta tenant.
- Be an Okta administrator of that tenant.
- Have an Assembled-provisioned company account (Enterprise tier).
If you do not have an Assembled-provisioned company account, please email firstname.lastname@example.org to request an invite. If you are not an Enterprise or Pro customer but are interested in implementing Okta, our team can assist you in discussing feasibility and your options.
The following documents the configuration for setting up the OIDC integration between Assembled and Okta. Okta is the Identity Provider (IdP): depending on the use case, a user with no established session is redirected to Okta for authentication.
Configuring the initial integration
To configure your provisioning settings for Assembled in Okta, you will need to follow the steps below:
Retrieve credentials from Okta
- Log in to your organization’s Okta tenant.
- Navigate to Applications > Applications > Browse App Catalog, search for Assembled, and then click Add.
- Enter an Application Label in General Settings. This is the name under which the Assembled app will appear in your Okta dashboard.
- Click Done.
- Then under the Sign On tab of the Assembled application, copy down the Client ID and Client Secret.
- Under the General tab, find the Okta Domain (or Issuer URL), which is the URL at which you are accessing your Okta tenant (https://example.okta.com), for step 3.2 below. This URL also appears in the Embed Link section. Be sure to remove everything appearing after okta.com.
- Once you have all the information (summarized below), email it to email@example.com and our support team will handle your request and let you know when the integration is configured.
  - Client ID
  - Client Secret
  - Okta Domain
- Create a new tile with the URL as https://app.assembledhq.com/api/okta/login?company_name=<YOUR_COMPANY_NAME_HERE> (do not include "<").
  - Please note that the default Assembled tile in Okta does not authenticate into Assembled. You need to create a new tile bookmark using the above link. Instructions on how to do that in Okta are in this article.
  - <YOUR_COMPANY_NAME_HERE> must be URL-encoded. For example, a company name of "My Company" becomes my+company in the link. Use a URL encoder if you want to check how the link should look.
- You can now use that tile to log in to Assembled.
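The two formatting steps above (trimming the Okta URL to the bare domain, and encoding the company name into the tile link) can be checked with a short script. This is an added example, not Assembled's or Okta's code; the function names and the sample Embed Link are constructed, and lower-casing the company name is an assumption taken from the my+company example above.

```python
from urllib.parse import quote_plus, urlsplit

# Tile endpoint exactly as given on the page.
TILE_BASE = "https://app.assembledhq.com/api/okta/login"


def okta_domain(okta_url: str) -> str:
    """Trim an Okta URL (for example the Embed Link) to scheme + host."""
    parts = urlsplit(okta_url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// URL for the Okta tenant")
    if parts.username or parts.password:
        # "https://a@b/" resolves to host b; refuse rather than guess.
        raise ValueError("URL must not contain a user@ prefix")
    # Path, query, fragment and port are dropped; hostname is lower-cased.
    return f"https://{parts.hostname}"


def tile_url(company_name: str) -> str:
    """Build the bookmark-tile link with the company name URL-encoded."""
    if "<" in company_name or ">" in company_name:
        raise ValueError("remove the <...> placeholder brackets")
    # Assumption: lower-case and single spaces, as in the page's
    # "My Company" -> my+company example.
    name = " ".join(company_name.split()).lower()
    if not name:
        raise ValueError("company name is empty")
    # quote_plus turns spaces into '+' and escapes '&', '=', '#', etc.,
    # so the name cannot spill into extra query parameters.
    return f"{TILE_BASE}?company_name={quote_plus(name)}"


if __name__ == "__main__":
    # Constructed sample Embed Link; the app path is a placeholder.
    embed = "https://example.okta.com/home/bookmark/0oaEXAMPLE/2557?fromHome=true"
    print(okta_domain(embed))
    print(tile_url("My Company"))
    print(tile_url("Acme & Sons"))
```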
Provisioning new users
Logging in via Okta is enabled by default. However, users must be provisioned in Assembled before their first login. To provision a user:
- If it’s the first user: Contact the Assembled Support team at firstname.lastname@example.org and request that they provision your first account. Include your name and email as information.
- If it’s future users:
  - An admin must log in and navigate to the People page.
  - Click Add and then Add again.
  - Alternatively, you can click on Import from CSV or add from your connected integration if you are provisioning a lot of users.
  - Fill in the requisite information and then click Add person.
  - Leave the option to send an invite email unchecked.
Congrats! You've provisioned a user who can now log in via Okta!
- Go to https://app.assembledhq.com/login.
- Click Sign in with Okta.
- Enter the company name provided to you by email@example.com.
The Okta SAML integration currently supports the following features:
- SP-initiated SSO.
For more information on the listed features, visit the Okta Glossary.