Step 1: Retrieve the Assertion Consumer Service (ACS) URL from Plecto

To enable Single Sign-On (SSO) in Plecto using Okta, you'll need to configure both Okta and Plecto to communicate via the SAML 2.0 protocol.

Here's a step-by-step guide to set up the integration:

  1. Log in to your Plecto account.

  2. Navigate to the Settings section.

  3. Check the box labeled Enable SSO.

  4. Copy the ACS URL provided; you'll need this for the Okta configuration.

  5. In a separate browser tab, open your Okta Admin Console.

Step 2: Configure SAML Application in Okta

  1. Log in to your Okta Admin Console.

  2. Go to the Applications tab and click on Create App Integration.

  3. Click on Create New App. In the dialog:

    • Set the Platform to Web.

    • Choose SAML 2.0 as the Sign on method.

    • Click Create.

  4. In the General Settings:

    • Enter an appropriate App name (e.g., "Plecto").

    • Click Next.

  5. In the Configure SAML step:

    • Set the Single Sign-On URL to the ACS URL you obtained from Plecto.

    • Set the Audience URI (SP Entity ID) to a unique identifier for Plecto (consult Plecto's documentation or support for the correct value).

    • Set the Name ID format to EmailAddress.

  6. (Optional) Update the Attribute Statements section. The attributes map to the user variables defined under Directory > Profile editor. Learn more in Okta's help documentation.

  7. Click Next.

  8. (Optional) Leave feedback for Okta.

  9. Click Finish.

  10. After creating the app, go to the Sign On tab and click on View SAML setup instructions.

  11. Note down the Identity Provider Single Sign-On URL, Identity Provider Issuer, and download the X.509 Certificate; you'll need these for Plecto.

  12. Now go back to Plecto and follow Step 3.

Step 3: Configure SSO in Plecto

  1. Return to Plecto's Settings section.

  2. Ensure the Enable SSO option is checked.

  3. Under Provide SAML settings, you have two options:

    1. Provide settings With metadata file: Enter the SAML metadata URL from Okta. This is typically the Identity Provider Single Sign-On URL you noted earlier (listed as no. 1 in Okta).

    2. Provide settings Manually:

      1. SAML login URL: This would be the Identity Provider Issuer URL from Okta (listed as no. 2 in Okta).

      2. SAML certificate (listed as no. 3 in Okta).

  4. Optionally, enable Allow SAML provisioning to automatically create employee accounts in Plecto when they log in via SSO.

  5. Click Save to finalize the configuration.