Overview
This article provides a step-by-step guide on setting up SAML Single Sign-On (SSO) for AdvocateHub using Okta as the Identity Provider. It covers the process of configuring Okta, creating a SAML integration, and integrating the SSO with AdvocateHub by obtaining the SSO Endpoint URL and SSO Fingerprint. The guide is designed to offer a seamless login experience for Advocates using OneLogin.
Information
This article will cover how to configure a SAML Single Sign-On setup for AdvocateHub using Okta as the Identity Provider. This provides your Advocates with a seamless, easy way to enter your hub using OneLogin.
Note: Single Sign-on may not be available in your plan.
Prerequisite: You need to sign up for an account with Okta. The free account may be enough for you, but check out the packages offered by Okta, as one of these may better suit your needs.
Configuring Okta
On your Okta dashboard, navigate to the Shortcuts menu on the right-hand side of your page and select Add Applications.
This should take you to a Add Applications page. Click the Create New App button.
This should open the Create a New Application wizard. Here we need to select 'Web' for Platform and 'SAML 2.0' for Sign On Method. After you have selected these, click save
Next, we create our SAML Integration. On the General Settings page fill out as the App Name and add a App Logo . You can select whatever App Visibility setting you like, we will leave them blank for this example. Once you are happy with your setting here, click next .
Moving on to the next tab SAML Settings . Configure this page like below. The only difference for you is that you will enter your hub subdomain in place of 'jago' in the Single Sign On URL below ie. https:// .influitive.com/saml/consume >.influitive.com/saml/consume. Everything else here need to be exactly as shown below. Once you are done click next at the bottom of the page.
We are nearly done here. On the final Feedback tab. Select as below and click finish .
Our application is complete! Now, we need to connect this to the AdvocateHub.
Configuring AdvocateHub
For the configuration on the AdvocateHub side, we need 2 pieces of information, the SSO Endpoint URL and the SSO Fingerprint .
To retrieve the SSO Endpoint URL head back to Okta and our application, go to the Sign On tab.
If we scroll towards the bottom of this page we will find a View Setup Instructions button, click this and it will open a new tab.
In the new tab we should see a Identity Provider Single Sign-On URL , this is what we need. Copy this to your clipboard and open up your AdvocateHub. Navigate to Settings > Login/Security and paste it in the SSO Endpoint URL field:
Finally, we need the Fingerprint. If we scroll down on the same page where we retrieved our Identity Provider Single Sign-On URL , you should see another section called X.509 Certificate. We need to derive the fingerprint from this.
I like using this tool but feel free to use another one if you like. We need to copy the contents of this certificate to your clipboard as below (without the Begin Certificate and End Certificate)
Paste the contents into our tool like below, select sha256 as your algorithm and click Calculate
This should populate both Fingerprint fields as you can see below. Both of these are the same and both will work equally well. Copy one of these to your clip board and head back to Navigate to Settings > Login/Security in your AdvocateHub settings
Your settings should looks something the below. Save these and we should be all set!
If you have any other questions on how SAML works with the AdvocateHub, then please reference our FAQ article.
FAQ
What prerequisites are needed to configure SAML SSO with Okta for AdvocateHub?
You need to have an account with Okta, which could be a free account or one of the paid packages, depending on your needs.
How do I create a new application in Okta for SAML SSO?
Access your Okta dashboard, go to the Shortcuts menu, select 'Add Applications', click 'Create New App', choose 'Web' as the platform and 'SAML 2.0' as the sign-on method, and then proceed with the wizard.
Where do I find the SSO Endpoint URL and SSO Fingerprint for configuring SSO on AdvocateHub?
The SSO Endpoint URL can be found under the 'Sign On' tab in your Okta application settings by clicking 'View Setup Instructions'. The SSO Fingerprint can be calculated using an online tool with the X.509 Certificate found on the same page.
What should I do after saving the SSO Endpoint URL and SSO Fingerprint in AdvocateHub?
After saving these settings in the 'Settings > Login/Security' section of your AdvocateHub, your SSO configuration is complete. You can refer to the FAQ article on SAML and AdvocateHub for more information.
Is Single Sign-On available for all plans on AdvocateHub?
Single Sign-On may not be available in all plans. You should contact your Advocacy Coach to learn more about the availability and integration process.