Configuring SAML > Okta
Note: Single Sign-on may not be available in your plan. Please contact your Advocacy Coach to learn more.
This article will cover how you can configure a SAML Single Sign-On setup for AdvocateHub using Okta as the Identity Provider. This provides your Advocates with a seamless, easy way to enter your hub using OneLogin.
Prerequisite: You need to sign up for an account with Okta. The free account may be enough for you but check out the packages offered by Okta as one of these may better suit your needs.
On your Okta dashboard, navigate to the Shortcuts menu on the right-hand side of your page and select Add Applications.
This should take you to a Add Applications page. Click the Create New App button.
This should open the Create a New Application wizard. Here we need to select 'Web' for Platform and 'SAML 2.0' for Sign On Method. After you have selected these, click save
Next, we create our SAML Integration. On the General Settings page fill out as the App Name and add a App Logo. You can select whatever App Visibility setting you like, we will leave them blank for this example. Once you are happy with your setting here, click next.
Moving on to the next tab SAML Settings. Configure this page like below. The only difference for you is that you will enter your hub subdomain in place of 'jago' in the Single Sign On URL below ie. https://
We are nearly done here. On the final Feedback tab. Select as below and click finish.
Our application is complete! Now, we need to connect this to the AdvocateHub.
For the configuration on the AdvocateHub side, we need 2 pieces of information, the SSO Endpoint URL and the SSO Fingerprint.
To retrieve the SSO Endpoint URL head back to Okta and our application, go to the Sign On tab.
If we scroll towards the bottom of this page we will find a View Setup Instructions button, click this and it will open a new tab.
In the new tab we should see a Identity Provider Single Sign-On URL, this is what we need. Copy this to your clipboard and open up your AdvocateHub. Navigate to Settings > Login/Security and paste it in the SSO Endpoint URL field:
Finally, we need the Fingerprint. If we scroll down on the same page where we retrieved our Identity Provider Single Sign-On URL, you should see another section called X.509 Certificate. We need to derive the fingerprint from this.
I like using this tool but feel free to use another one if you like. We need to copy the contents of this certificate to your clipboard as below (without the Begin Certificate and End Certificate)
Paste the contents into our tool like below, select sha256 as your algorithm and click Calculate
This should populate both Fingerprint fields as you can see below. Both of these are the same and both will work equally well. Copy one of these to your clip board and head back to Navigate to Settings > Login/Security in your AdvocateHub settings
Your settings should looks something the below. Save these and we should be all set!
If you have any other questions on how SAML works with the AdvocateHub then please reference our FAQ article.