How to Configure SAML 2.0 for Offishall

<aside> 🚨 This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

</aside>

<aside> ⚠️ Read this before you enable SAML Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.

Backup URL Offishall does not provide backup log-in URL where users can sign-in using their normal username and password. You can email Offishall support ([email protected]) to turn off SAML, if necessary.

</aside>

Supported Features

The Okta/Offishall SAML integration currently supports only Service Provider-initiated Single Sign-On (SP-initiated SSO).

For more information, visit the Okta Glossary.

Configuration Steps

1. Login to your Offishall account as an administrator. Click on Admin then select users

   

   Select Okta

   

1. Make sure provisioning is enabled:

1. Choose a custom domain to point your users to for signin-in to offishall (ex: [your-offishall-subdomain].offishall.io), then click Save:

1. Scroll to the Single Sign-on SAML section, then enter the following (see screen shot at end of step for reference):

   • Entity ID: You can find this information in the SAML Settings in Okta
   • SSO URL: You can find this information in the SAML Settings in Okta
   • Signing Certificate: Copy and paste the following (in PEM text format):
   • Click Save.

   

2. Done!

<aside> 💡 Make sure that you entered the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Offishall

</aside>

SP-initiated SSO

1. Go to https://[your-offishall-subdomain].offishall.com/signin.
2. Click Sign in