Articles in this section

See more

Setting up Single Sign-on (SSO) with Okta

Avatar
Chris
Updated
Follow

Objective

The purpose of this article is to provide direction to Outreach Admins in configuring SSO with Okta.

Outreach is now compatible with Single Sign On (SSO) applications like Okta, Salesforce, and Onelogin. This article is specific to connecting Okta and Outreach, but if you would like to connecting other SSO applications, you can follow the hyperlinks below:

Applies To

In order to setup Okta with Outreach, the following are required:

  • Admin privileges in Outreach
  • Admin privileges in Okta

If you are unsure of who your identity provider (Okta) admin is, we recommend contacting your IT team.

Procedure

Step 1: Setting up Okta

1.1 Create a new application by clicking “Add Application”, and choose “SAML 2.0”

Image_2017-08-09_at_8.36.24_AM.png

1.2 Select the SAML 2.0 option

Image_2017-08-09_at_8.37.08_AM.png

1.3 “name” the Okta <> Outreach connection to differentiate it from your other applications

Image_2017-08-09_at_8.37.32_AM.png

1.4 Complete your SAML general settings

Notes

  1. Fill in a placeholder for both “Single sign on URL” and “Audience URI (SP Entity ID)”. We will fill in appropriate values later in Step 3.
  2. Inside “Attribute Statements” section, fill in “email”, and choose “user.email” to go along with it.

 

Image_2017-08-09_at_8.38.43_AM.png

 

1.5 Choose “I’m a Okta customer adding an internal app”, then “Finish”


Image_2017-08-09_at_8.39.11_AM.png

1.6 Now that you have the application, click the “View Setup Instructions”

Image_2017-08-09_at_8.39.36_AM.png

1.7 The newly opened tab should have three pieces of information:

  1. Identity Provider Single Sign-On URL
  2. Identity Provider Issuer
  3. X.509 Certificate: please download it to your computer, you will need to upload it in step 2 below.

Note: For all 3 items above, please save them to your computer as they will be utilized in step 2 below.

Image_2017-08-09_at_8.39.56_AM.png

Step 2. Create the Identity Provider inside Outreach

2.1 As an Outreach admin, you will navigate to the Org’s “Setting” page by going to Settings >> Org, and click the link to “Setup Single Sign On”.

SSO_Okta_001.gif

2.2 If it is an org without Idp setup, click “Add Identity Provider”.

Image_2019-06-07_at_1.54.26_PM.png

2.3 Add the requested identity provider information

>The information requested in this section is from step 1.7 above.

Image_2019-06-18_at_5.01.53_PM.png

Note: The above screenshot contains two advanced settings: "Use NameId Instead of Email" and "Enable just-in-time new user provision". We do NOT recommend checking these options unless the functions of each are understood and needed by your organization. You can read more on these advanced settings in Advanced Settings For Identity Provider (SSO).

2.4 Retrieve setup information from Outreach to put into Okta

Image_2019-06-07_at_3.53.26_PM.png

Now find the “Setup Info” section. Copy the “ACS URL” and “Service Provider Entity ID”, we will update the Okta application with this information in step 3 below.

Image_2019-06-10_at_2.20.07_PM.png

Step 3. Update Okta Application

3.1 Go back to Okta Application, Click on the “General” tab, and the “Edit” button inside “SAML Settings”.

Image_2017-08-09_at_8.47.47_AM.png

3.2 Fill in the two pieces of information from 2.3, leave all others alone, and “Save”

Image_2017-08-09_at_8.48.05_AM.png

3.3 Assign your users into this application

Image_2017-08-09_at_8.48.22_AM.png

Step 4. Enable SSO inside Outreach Accounts

4.1 Return to your Outreach account and click “Test” to see if the identity provider is set up correctly.

Image_2019-06-10_at_2.36.15_PM.png



If successful, you should see a success page. Please examine the “User email” and make sure it matches with user login email inside Outreach.

Image_2017-08-09_at_8.49.21_AM.png

4.2 Click “Back”, check “Enable”, and click “Save”.


Image_2019-06-10_at_2.39.35_PM.png

Congrats! SSO is now enabled!





Related articles