Okta SSO

Using Okta allows you to set up a direct link from your Okta dashboard to ProdPad. This will allow your users to log in to ProdPad without having to enter a password in ProdPad. 

Okta ProdPad link supports the following capabilities:

  1. Login from the Okta dashboard into ProdPad
  2. The user can also login to ProdPad using Okta from the ProdPad login page
  3. Just-in-time provisioning: if a user has never logged into ProdPad before and they click on the ProdPad app in the Okta dashboard, a role will be created for them in your account. The role will have a reviewer type unless SCIM is set up.
  4. For unlimited and enterprise accounts, you can set up SCIM so that users are auto-provisioned and can be fully managed in Okta. See the section on Okta SCIM set up

The process starts with creating an application within Okta and then creating a corresponding integration in ProdPad.

In Okta

  1. Go to the Applications tab in the Admin view of Okta.
  2. Click on the "Add application" button and then the "Create New App" button.
  3. In the modal select Web and SAML and click on create.
  4. Add "ProdPad" as the name and upload the logo (available at the bottom of the page) and then hit next.
  5. On the next page enter the URL https://api.prodpad.com/api/v2/sso/saml/acs into the Single sign on URL field.
  6. In the Audience URI enter https://api.prodpad.com/api/v2/sso/saml/metadata
  7. Select the option "EmailAddress" from the Name ID format select box.
  8. Select the option "Email" from the Application username select box.
  9. In the attributes section add an attribute "User.FirstName" and set the value to "user.firstName"
  10. Add another attribute "User.LastName" and set the value to "user.lastName"
  11. Click the green next button.
  12. Click next again.
  13. Click the "View setup instructions" option.

Almost there - now let's set things up in ProdPad!

In ProdPad

  1. To start go to Account Settings and select the Authentication tab.
  2. Select SAML 2.0 from the "Add authentication" dropdown
  3. Copy Into the field "Sign-In URL" in ProdPad, the URL from the field "Identity Provider Issuer" from the Okta setup instructions page.
  4. Copy into the field "ACS Http Endpoint" in ProdPad, the URL in the field "Identity Provider Single Sign-On URL" from the Okta setup instructions page.
  5. Leave the "Logout URL" field blank.
  6. Paste the text of X.509 certificate into the X.509 field.
  7. Add in your domain
  8. Click save
  9. You’ll be sent a link via email that you need to click on or paste into your browser in order to verify that the domain is valid. Once that is done the authentication set up will become active and your users can start using Okta to login to ProdPad

Notes

  • The domain you enter into the form must match the email domain that you are using for your own role in ProdPad. If it doesn’t match it will error.
  • Each user will need to have an email that matches the entered domain otherwise they will get a "Miss-matched email" error when trying to log in.
Have more questions? Submit a request

Comments