SAML 2.0 with Okta
This guide will step through the requirements for connecting your existing Okta account with SAML 2.0 SSO in Claret.
Step One: Within your enterprise/company Okta account, click on "Create App Integration" from the "Applications -> Applications" menu.
Step Two: On the Sign-in method modal, select SAML 2.0.
Step Three: Name your Claret integration application ("Claret" will work nicely), and feel free to use the logo image below for the logo. This is your own internal application, so whether you use the logo and what you decide to name the application is entirely up to you.
Step Four: Add the following details to the SAML Settings in the "Configure SAML" tab:
NOTE: All references to {your_tenant_id} in the URLs below should be replaced with the tenancy ID (which is a string) for your Claret instance.
For example, our demo instance is at plan.claret.app/demo. So, demo is our tenancy ID there. Our zymoeno instance is at plan.claret.app/zymoeno. So zymoeno is our tenancy ID there.
Therefore, everywhere that {your_tenant_id} is referenced below would be replaced with zymoeno for our zymoeno instance and demo for our demo instance.
Single sign-on URL
This will be https://plan.claret.app/{your_tenant_id}/saml2/callback (e.g. https://plan.claret.app/zymoeno/saml2/callback)
Audience URI (SP Entity ID)
This will be https://plan.claret.app/{your_tenant_id}/saml2/callback (e.g. https://plan.claret.app/zymoeno/saml2/callback)
Default Relay State
This will be https://plan.claret.app/{your_tenant_id}/saml2/callback (e.g. https://plan.claret.app/zymoeno/saml2/callback)
Name ID format
This will be EmailAddress
Application username
This will be Email
Update application username on
This will be Create and update
email [Unspecified] => user.email
firstName [Unspecified] => user.firstName
lastName [Unspecified] => user.lastName
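A pre-flight check for the Step Four values, added here as an example and not part of Claret's or Okta's tooling. The function names, the `attr:` key prefix for the attribute mappings, and the assumed tenant-ID character set are illustrative assumptions; the sample input is constructed.

```python
import re

BASE = "https://plan.claret.app"           # host used throughout this guide
TENANT_RE = re.compile(r"[A-Za-z0-9_-]+")  # assumption: tenant ID is a single URL path segment

def expected_settings(tenant_id):
    """Build the Step Four values for one tenant."""
    if not TENANT_RE.fullmatch(tenant_id):
        raise ValueError(f"not a usable tenant ID: {tenant_id!r}")
    callback = f"{BASE}/{tenant_id}/saml2/callback"
    return {
        "Single sign-on URL": callback,
        "Audience URI (SP Entity ID)": callback,
        "Default Relay State": callback,
        "Name ID format": "EmailAddress",
        "Application username": "Email",
        "Update application username on": "Create and update",
        "attr:email": "user.email",          # "attr:" prefix is hypothetical naming
        "attr:firstName": "user.firstName",
        "attr:lastName": "user.lastName",
    }

def check_settings(tenant_id, entered):
    """Return a list of problems; an empty list means the entries match the guide."""
    problems = []
    for field, want in expected_settings(tenant_id).items():
        got = entered.get(field)
        if got is None:
            problems.append(f"{field}: missing")
        elif got != want:
            hint = ""
            if "{your_tenant_id}" in got:
                hint = " (placeholder not replaced)"
            elif got.strip().rstrip("/") == want:
                hint = " (stray whitespace or trailing slash)"
            elif got.startswith("http://"):
                hint = " (must be https)"
            problems.append(f"{field}: got {got!r}, want {want!r}{hint}")
    return problems

# Constructed sample: values an admin might have typed for the "zymoeno" tenant.
SAMPLE = dict(expected_settings("zymoeno"))
SAMPLE["Audience URI (SP Entity ID)"] = "https://plan.claret.app/{your_tenant_id}/saml2/callback"
SAMPLE["Default Relay State"] = "https://plan.claret.app/zymoeno/saml2/callback/"
del SAMPLE["attr:lastName"]

if __name__ == "__main__":
    for line in check_settings("zymoeno", SAMPLE):
        print(line)
```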
Step Five: Feedback Tab
Answer the questions in this tab as follows:
Are you a customer or partner?
Select: "I'm an Okta customer adding an internal app"
App type
Select "This is an internal app that we have created"
NOTE: within your Okta application, you will be able to assign users and groups to the Claret SSO integration application under the "Assignments" tab.
Once the Integration application is set up, you will see some information in the "Sign On" tab. At the bottom of this screen, you will see a button that reads "View SAML setup instructions". Click this button.
This will open a separate window which will contain the data you will need to associate your new SSO application with Claret. That window will look like the image below.
An Admin user on the Claret application can now input these details as follows:
Visit https://plan.claret.app/{your_tenant_id}/settings/application-maintenance/saml-manager
You can click on Add SAML Provider on the main screen if this is your first SAML connection, or on the "Add SAML Provider" link in the menu in the upper-right-hand corner of the screen.
The information that you were provided in the "How to Configure SAML 2.0 for [Claret] Application" window above can now be entered into the Claret SAML form.
Once the information is submitted, you will see a new option on the Claret login form. Anyone in your Okta application that you have granted access to the Claret integration will be able to use this new "Login with Okta" method to sign in to their existing Claret account.