Overview
Spendflo provides SAML 2.0 integration to its user base, who use Okta as their IAM solution. With this integration, the users will be able to login to Spendflo seamlessly with their Okta account. Please follow the steps to configure Okta SAML login for Spendflo.
Setup in Okta
1. Go to the Okta admin section. (https://{{your_domain}}-admin.okta.com/admin/apps/active)
2. In the admin console, go to Applications > Applications.
3. Click Create app integration.
4. Select SAML 2.0 and click Next.
Configure General Settings
In the general settings, enter the app name (for example, Spendflo SAML), upload a logo for the app, then click Next.
Configure SAML Setting
To configure the SAML setting, we first need to go to Spendflo; please follow the below steps:
1. Go to Spendflo, Users>SSO.
2. Click on Add New connection button on the top right
3. In the next screen, copy the values of the ACS URL and Entity ID separately and save them somewhere; we’ll need to paste them in Okta in the next step
4. Keep this page open since we'll come back here again
Completing the SAML setting
1. Paste the values copied from Spendflo on Okta in the following way:
- ACS URL copied from Spendflo to Single sign-on URL in Okta
- Entity ID copied from Spendflo to Audience URI (SP Entity ID) in Okta
2. Choose the Name ID format of Email address and Application username as Okta username, and click Next.
3. When asked if you are a customer or a partner, select “I'm an Okta customer adding an internal app.”
4. Click Finish
Configuring the SAML setup instruction
1. In the Settings section of the Sign On tab, locate and click on View SAML setup instructions on the right side.
2. Copy the Identity Provider Single Sign-On URL and X.509 Certificate separately and save them somewhere; we’ll need to paste them on the Spendflo SSO page in the next step.
Set access permissions on Okta
1. Go to the Application page in Okta and click on the gear icon on the app you just set up.
2. If you want to share the access only with a few users, you can choose the option assign to users
3. We recommend providing access to everyone, to achieve that select assign to group option and click assign to everyone on the next page.
Go Back to Spendflo
1. Head back to the Spendflo User>SSO page that was open in the other tab and do the following
2. Paste the Single sign-on URL from okta in the SSO Endpoint
3. Paste X.509 From Okta in Public Certificate, you IDP is now configured
4. In the claim domain section, add the domain name "spendflo.com"
5. Copy the Record Name and Record Value to create a new TXT record in your DNS file.
6. After you have added the domain, click on validate. The Validation will take 1-2 minutes
7. The setup is now complete.
The new login method after the integration
Once the Okta integration is complete, the new way to log in to Spendflo would be to write your email address on the Spendflo sign-in page. The system will automatically detect your domain and will redirect you to Okta for authentication; once verified by Okta, you'll be logged in to your Spendflo profile.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article