Okta SAML (Login) Integration

Created by Shubham Saxena, Modified on Thu, 11 Jul at 1:14 AM by Abinaya Ramakrishnan

Overview

Spendflo supports SAML 2.0 single sign-on for customers who use Okta as their IAM solution. With this integration, users can log in to Spendflo with their Okta account. Follow the steps below to configure Okta SAML login for Spendflo.


Setup in Okta

1. Go to the Okta admin section. (https://{{your_domain}}-admin.okta.com/admin/apps/active)

2. In the admin console, go to Applications > Applications.

3. Click Create app integration.

4. Select SAML 2.0 and click Next.



Configure General Settings


In the general settings, enter the app name (for example, Spendflo SAML), upload a logo for the app, then click Next.



Configure SAML Setting

To configure the SAML settings, first go to Spendflo and follow the steps below:

1. Go to Spendflo, Users>SSO.

2. Click the Add New connection button at the top right.



3. On the next screen, copy the values of the ACS URL and Entity ID separately and save them somewhere; we’ll need to paste them into Okta in the next step.



4. Keep this page open, since we'll come back to it later.


Completing the SAML setting


1. Paste the values copied from Spendflo into Okta as follows:

  • ACS URL copied from Spendflo to Single sign-on URL in Okta
  • Entity ID copied from Spendflo to Audience URI (SP Entity ID) in Okta



2. Set Name ID format to Email address and Application username to Okta username, then click Next.

3. When asked if you are a customer or a partner, select “I'm an Okta customer adding an internal app.”



4. Click Finish


Configuring the SAML setup instruction


1. In the Settings section of the Sign On tab, locate and click on View SAML setup instructions on the right side.

2. Copy the Identity Provider Single Sign-On URL and X.509 Certificate separately and save them somewhere; we’ll need to paste them on the Spendflo SSO page in the next step.



Set access permissions on Okta


1. Go to the Application page in Okta and click on the gear icon on the app you just set up.

2. If you want to give access to only a few users, choose the assign to users option.

3. We recommend providing access to everyone. To do that, select the assign to group option and click assign to everyone on the next page.



Go Back to Spendflo


1. Head back to the Spendflo User>SSO page that was left open in the other tab and do the following:

2. Paste the Identity Provider Single Sign-On URL copied from Okta into SSO Endpoint.

3. Paste the X.509 Certificate copied from Okta into Public Certificate. Your IdP is now configured.



4. In the claim domain section, add the domain name "spendflo.com"

5. Copy the Record Name and Record Value to create a new TXT record in your DNS file.

6. After you have added the TXT record, click Validate. Validation takes 1-2 minutes.

7. The setup is now complete.
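
To confirm that the values entered under "Completing the SAML setting" took effect, the following added example (not Spendflo's or Okta's own code) checks a SAML assertion issued for the app against the ACS URL, Entity ID and Name ID format. The URLs and the sample assertion are constructed placeholders, and the function name `check_assertion` is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Placeholders: substitute the ACS URL and Entity ID shown on the Spendflo SSO page.
ACS_URL = "https://sp.example.invalid/saml/acs"
ENTITY_ID = "https://sp.example.invalid/saml/metadata"

# Constructed sample assertion (not real Okta output); signature omitted.
SAMPLE = f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
  <saml:Subject>
    <saml:NameID Format="{EMAIL_FORMAT}">user@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData Recipient="{ACS_URL}" NotOnOrAfter="2024-01-01T00:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions>
    <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""

def check_assertion(xml_text, acs_url, entity_id):
    """Return a list of mismatches between an assertion and the SP values."""
    # Configuration check only: does not verify the XML signature or time window.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    # Accept either a bare Assertion or one wrapped in a samlp:Response.
    assertion = root if root.tag.endswith("}Assertion") else root.find(".//saml:Assertion", NS)
    if assertion is None:
        return ["no saml:Assertion element found"]
    problems = []
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    recipients = [e.get("Recipient") for e in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append(f"Recipient {recipients} does not match ACS URL")
    audiences = [e.text.strip() for e in assertion.iterfind(".//saml:Audience", NS) if e.text]
    if entity_id not in audiences:
        problems.append(f"Audience {audiences} does not match Entity ID")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ACS_URL, ENTITY_ID) or "assertion matches SP settings")
```

An empty list means the assertion's Recipient, Audience and NameID format line up with the Spendflo values; swapping the two URLs in Okta shows up as both a Recipient and an Audience mismatch.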



The new login method after the integration

Once the Okta integration is complete, you log in to Spendflo by entering your email address on the Spendflo sign-in page. The system automatically detects your domain and redirects you to Okta for authentication; once verified by Okta, you'll be logged in to your Spendflo profile.

