Okta

← Back to SAML section

• Availability
  • Plan: Any Advanced module
  • On a legacy plan? Click here for more info
• Roles and Permissions
  • Admins only

Using Okta allows you to set up a direct link from your Okta dashboard to ProdPad. This will allow users to log in to ProdPad without having to enter a password in ProdPad.

The Okta / ProdPad link supports the following capabilities:

• Login from the Okta dashboard into ProdPad.
• The user can also log in to ProdPad via Okta if they go to https://app.prodpad.com/ .
• Just-in-time provisioning: if a user has never logged into ProdPad before and they click on the ProdPad app in the Okta dashboard, a role will be created for them in your account. The role will have a reviewer type.
• For Performance and Enterprise plan customers, please contact us if you wish to have your users auto-provisioned and fully managed in Okta.

In ProdPad

1. To start, go to Account Settings and select the Security tab.
2. Now select the SSO/SAML sub-tab.
3. Click the "Add authentication type" button and select Okta from the dropdown list.
   
   
4. Keep the modal open (you will need these URLs) and go to Okta.

In Okta

1. Go to the Applications tab in the Admin view of Okta.
2. Click on the "Add application" button and then the "Create New App" button.
3. In the modal, select Web and SAML and click on "Create".
4. Add "ProdPad" as the name and upload the logo (available at the bottom of the page) and then click "Next".
5. On the next page, in the Single sign on URL, copy & paste the ACS/Reply URL from ProdPad (https://api.prodpad.com/api/v2/sso/saml/acs)
6. In the Audience URI, copy & paste the Audience/Identifier URL from ProdPad (https://api.prodpad.com/api/v2/sso/saml/metadata)
7. Select the option "emailAddress" from the Name ID format select box.
8. Select the option "Email" from the Application username select box.
9. In the attributes section add an attribute "User.FirstName" and set the value to "user.firstName"
10. Add another attribute "User.LastName" and set the value to "user.lastName"
11. Click the green next button.
12. Click next again.
13. Click the "View setup instructions" option.

In ProdPad

1. Click the "Next" button on the Okta modal.
2. Copy the URL/value from the field "Identity Provider Issuer" in Okta into the field labelled "IdP Entity ID/URL" in ProdPad.
3. Copy the URL in the "Identity Provider Single Sign-On URL" field in Okta into the field "IdP SAML Single Sign-On URL" in ProdPad.
4. If applicable, copy the URL in the field "SLO Endpoint" in Okta into the "Logout URL" field in ProdPad.
5. Paste the text of X.509 certificate into the X.509 certificate field.
   
   

   

6. Now you must decide whether you want your users to log in by IdP initiated login only or by IdP and SP initiated login. If you select IdP only, you user must login from the Okta dashboard, rather than the ProdPad login page. If you opt for IdP & SP initiated login, you must set up the Domains that your users can login from. You can read more about this here.
7. If you have opted for IdP only, hit save and you are done! Your users can now use the ProdPad app link on their Okta dashboard.
8. If you have opted for IdP & SP initiated login, from the Domains list select the domain that corresponds to the email address they will be logging in from. (Note: for a domain to appear as an option here, it must be verified under the Domains tab).
9. Hit save.

To test this, you can now go to the Identity Providers console and click on the ProdPad app icon. You'll then be logged into ProdPad. If you have configured for IdP and SP Initiated login, you can also go to to https://app.prodpad.com/login and enter your email. You'll then be shown a button to log in using Okta.

Just In Time role provisioning  (optional)

If you would like to be able to set a users role when they are provisioned into ProdPad at login, you can make some further configuration steps:

First, in Okta, navigate to  Directory > Profile Editor:

Search for the ProdPad app, then click ProdPad Profile from the Profile list.

Click Add Attribute.

Then enter the following information:

• Display Name: Enter ProdpadRole.
• Variable Name: Enter ProdpadRole.

If required:

• External Name: ProdpadRole
• External Namespace: urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified

Click Save:

Next, you need to set the attribute mappings between Okta Users and the ProdPad Okta app. To do this click Mappings.

Then select the Okta User to ProdPad tab. Scroll to find the ProdpadRole attribute, click into the select list on the left column and select the ProdpadRole option. Then select Apply mapping on user create and update.

The last step is to add the attribute to the Application settings. First, find your ProdPad application under Applications.

Then select General, and next to SAML settings click Edit.

Click Next to access the Configure SAML tab and scroll down to 'Attribute Statements (optional)', click Add another and set:

• Name - User.ProdpadRole
• Name format - Unspecified
• Value - user.ProdpadRole

Note: the casing needs to match the above for the correct attributes and values to be picked up.

Now scroll down and click Next, and then Finish.

Now, when you create or edit users, you can specify the attribute ProdpadRole.The value needs to be either reviewer, editor, or admin (lower case). If the role is not specified, a user will log into ProdPad as a Reviewer.

ProdPad Logos

You can download the ProdPad logos below:

ProdPad Logo (color) 

ProdPad Logo (plain)