Overview
This article provides a step-by-step guide on setting up OKTA PostBeyond application integration, including prerequisites, enabling SAML 2.0, providing metadata and attribute variables, adding subdomains, and testing the integration. It emphasizes the importance of having a matching company internal directory for group assertions and offers resources for additional support.
Information
OKTA PostBeyond Application Integration
Learn how to set up OKTA PostBeyond application integration. In this article, we go over how to set up OKTA PostBeyond application integration.
Pre-requisites
Before you begin the integration setup, ensure you have the necessary components in place.
OKTA Integration Set-up
Follow these steps to configure the OKTA integration with your PostBeyond application.
Pre-requisites
Before getting started, make sure that you have created your Okta account. Once created, add the PostBeyond application in Okta.
OKTA PostBeyond Application Integration Set-up
The Okta/PostBeyond SAML integration currently supports the following feature:
IdP-initiated SSO
Configuration Steps
1. Enable SAML 2.0 for Your Account
Contact the PostBeyond Support team and request that they enable SAML 2.0 for your account.
2. Provide Metadata File & 3 Attributes Variable Names
A. Metadata file: Can be found in the Application > Sign On tab.
B. The 3 attribute variables: PostBeyond needs these 3 attributes:
- First Name
- Last Name
In Okta, go to Directory > Profile Editor > (and beside the OKTA application) Profile:
NOTE: We recommend not creating attributes in the PostBeyond application. If you have, please remove them as we will pull the attributes from your general OKTA set-up.
From there, please provide us with the variable names for:
- User first name
- User last name
3. Add Your Subdomain
In Okta, select the General tab for the PostBeyond app, then click Edit.
- Enter the subdomain into the Subdomain field. This is the subdomain you have arranged with PostBeyond (i.e. https://(your-subdomain).postbeyond.com)
- Click Save.
OPTIONAL: Send Groups as Part of SAML Assertion
- In Okta, select the Sign On tab for the PostBeyond app, then click Edit.
- Select the appropriate filter from the groups dropdown menu and type the preferred value into the field.
- Click Save.
IMPORTANT: For the grouping to work, your company's internal directory has to match the PostBeyond group set-up identically. If it does not, we recommend not performing this step as it can cause complications.
Step 4: PostBeyond to Complete the Process Internally
After you have sent PostBeyond the Metadata file & three attribute variables, PostBeyond will finalize the process and provide you with an expected date of completion. This process can take up to 3 weeks to complete as it will need to be funneled into the upcoming sprint.
Step 5: Testing & Troubleshooting
Immediately after the process is completed, make sure to test logging in from the OKTA directory. If you run into any issues, please contact your CSM to begin troubleshooting.
Helpful Resources
Below are some resources that provide additional information:
- Difference between PostBeyond OKTA application & Custom OKTA application
- Overview & Understanding SSO Logins
- Setting up SAML SSO (all IdPs but OKTA)
FAQ
What are the prerequisites for setting up OKTA PostBeyond application integration?
The prerequisites include having an Okta account and adding the PostBeyond application in Okta. Additionally, you should contact PostBeyond support to enable SAML 2.0 for your account.
What information is required from Okta to set up the integration with PostBeyond?
You need to provide PostBeyond with the metadata file from the Okta Application Sign On tab and the variable names for three attributes from the Okta Directory Profile Editor.
How long does it take for PostBeyond to complete the integration process internally?
The internal completion process by PostBeyond can take up to 3 weeks as it needs to be scheduled into the upcoming sprint.
What should I do if I encounter issues after the integration process is completed?
If you encounter any issues after the integration is completed, you should immediately contact your Customer Success Manager (CSM) to begin troubleshooting.
Is it necessary to send groups as part of the SAML assertion during the integration setup?
Sending groups as part of the SAML assertion is optional and should only be done if your company's internal directory matches the PostBeyond group setup identically to avoid complications.