The purpose of this article is to provide direction to Outreach Admins in configuring SSO with Okta.
Outreach is now compatible with Single Sign On (SSO) applications like Okta, Salesforce, and Onelogin. This article is specific to connecting Okta and Outreach, but if you would like to connecting other SSO applications, you can follow the hyperlinks below:
In order to setup Okta with Outreach, the following are required:
- Admin privileges in Outreach
- Admin privileges in Okta
If you are unsure of who your identity provider (Okta) admin is, we recommend contacting your IT team.
Setting up Single Sign-On
Step 1: Setting up Okta
1.1 Create a new application by clicking “Add Application”, and choose “SAML 2.0”
1.2 Select the SAML 2.0 option
1.3 “name” the Okta <> Outreach connection to differentiate it from your other applications
1.4 Complete your SAML general settings
- Fill in a placeholder for both “Single sign on URL” and “Audience URI (SP Entity ID)”. We will fill in appropriate values later in Step 3.
- Inside “Attribute Statements” section, fill in “email”, and choose “user.email” to go along with it.
1.5 Choose “I’m a Okta customer adding an internal app”, then “Finish”
1.6 Now that you have the application, click the “View Setup Instructions”
1.7 The newly opened tab should have three pieces of information:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate: please download it to your computer, you will need to upload it in step 2 below.
NOTE: For all 3 items above, please save them to your computer as they will be utilized in step 2 below.
Step 2. Create the Identity Provider inside Outreach
2.1 As an Outreach admin, you will navigate to the Org’s “Setting” page by going to Settings >> Org, and click the link to “Setup Single Sign On”.
2.2 If it is an org without Idp setup, click “Add Identity Provider”.
2.3 Add the requested identity provider information
>The information requested in this section is from step 1.7 above.
NOTE: The above screenshot contains two advanced settings: "Use NameId Instead of Email" and "Enable just-in-time new user provision". We do NOT recommend checking these options unless the functions of each are understood and needed by your organization. You can read more on these advanced settings in Advanced Settings For Identity Provider (SSO).
2.4 Retrieve setup information from Outreach to put into Okta
Now find the “Setup Info” section. Copy the “ACS URL” and “Service Provider Entity ID”, we will update the Okta application with this information in step 3 below.
>Step 3. Update Okta Application
3.1 Go back to Okta Application, Click on the “General” tab, and the “Edit” button inside “SAML Settings”.
3.2 Fill in the two pieces of information from 2.3, leave all others alone, and “Save”
3.3 Assign your users into this application
>Step 4. Enable SSO inside Outreach Accounts
4.1 Return to your Outreach account and click “Test” to see if the identity provider is set up correctly.
If successful, you should see a success page. Please examine the “User email” and make sure it matches with user login email inside Outreach.
4.2 Click “Back”, check “Enable”, and click “Save”.
Congrats! SSO is now enabled!