In order to proceed with configuring login with SSO through Okta, you must:
- Have access to an Okta tenant
- Be an Okta administrator to that tenant
- Have an Assembled-provisioned company account (Enterprise)
If you do not have an Assembled-provisioned company account, please email email@example.com to request an invite. If you are not an Enterprise customer but are interested in implementing Okta, our support team can assist you in discussing feasibility and your options.
The following documents the configurations for setting up the OIDC integration between Assembled and Okta. Okta is the Identity Provider (IDP) and depending on the use case, the user will be redirected to Okta for authentication if no session has been established.
Configuring the initial integration
To configure your provisioning settings for Assembled in Okta, you will need to follow the steps below:
Retrieve credentials from Okta
- Login to your organization’s Okta tenant.
- Navigate to Applications > Applications > Browse App Catalog, search for Assembled, and then click Add.
- Enter an Application Label in General Settings. This is the name under which the Assembled app will appear in your Okta dashboard.
- Click Done.
- Then under the Sign On tab of the Assembled application, copy down the Client ID and Client Secret.
- Under the General tab, find the Okta Domain (or Issuer URL), which is the URL at which you are accessing your Okta tenant (https://example.okta.com), for step 3.2 below. This URL also appears in the Embed Link section. Be sure to remove everything appearing after okta.com.
- Once you have all the information (summarized below), email it to firstname.lastname@example.org and our support team will handle your request and let you know when the integration is configured.
- Client ID
- Client Secret
- Okta Domain
- Create a new tile with the URL as https://app.assembledhq.com/api/okta/login?company_name=<YOUR_COMPANY_NAME_HERE>
- You can now use that tile to log-in to Assembled.
Provisioning new users
Logging in via Okta is enabled by default. However, users must be provisioned in Assembled before their first login. To provision a user:
- If it’s the first user: Contact the Assembled Support team at email@example.com and request that they provision your first account. Include your name and email as information.
- If it’s future users: Login to your account and navigate to the People page
- Click “Add” and then “Add” again
- Alternatively, you can click on “Import from CSV” if you are provisioning a lot of users.
- Fill in the requisite information and then click “Create”:
- Leave “Send Invite Email” unchecked. Congrats! You've provisioned a user who can now log-in via Okta!
- Go to https://app.assembledhq.com/login
- Click “Sign in with Okta”
- Enter the company name provided to you from firstname.lastname@example.org
The Okta SAML integration currently supports the following features
- SP-initiated SSO
For more information on the listed features, visit the Okta Glossary.