SAML Single Sign-On Setup - Okta

This page describes how to configure SAML Single Sign-On (SSO) for Telerivet using Okta as the Identity Provider.

Before completing these steps, the SAML Single Sign-On feature must be enabled for your account. Contact support@telerivet.com to request this feature.

• Log in to the Telerivet dashboard as an account with the "Organization administrator" role.

• Click Account, then click Organization Settings.

• Under Allowed Login Methods, click “Configure” next to SAML Single Sign-On.

• Leave all fields blank for now, enter your Telerivet password at the bottom and click “Save changes”.

• Click the Application Logo and download it to your computer.

• Open another browser window/tab and log in to your Okta admin dashboard with an Okta administrator account.

• In Okta, click "Applications"

• Click "Create App Integration"

• Select "SAML 2.0" and click Next

• For the App Name, enter "Telerivet"

• Upload the Telerivet logo that you previously downloaded to Okta as the App logo.

• Click "Next"

• From the "SAML Single Sign-On Settings" page in Telerivet, copy the "Service Provider Assertion Consumer Service URL" URL and paste it into the "Single sign-on URL" field in Okta.

• From the "SAML Single Sign-On Settings" page in Telerivet, copy the "Service Provider Entity ID (Audience URI)" URL and paste it into the "Audience URI (SP Entity ID)" field in Okta.

• Leave the "Default RelayState" field blank.

• In the Name ID format field in Okta, select "EmailAddress".

• In the Application username field, select "Email".

• Click "Next"

• Click the "Sign On" tab, then click "View SAML Setup instructions"

• From the "SAML Single Sign-On Settings" page in Telerivet, click "Edit Settings".

• Copy the "Identity Provider Single Sign-On URL" in Okta and paste it to the "Identity Provider Single Sign-On URL (SAML 2.0 Endpoint)" in Telerivet

• Copy the "Identity Provider Issuer" in Okta and paste it to the "Identity Provider Entity ID (Issuer URI)" in Telerivet

• Copy the "X.509 Certificate" in Okta and paste it to the "Identity Provider Certificate" in Telerivet

• Leave the "Identity Provider Single Log-Out URL (optional)" blank in Telerivet

• Enter your password in Telerivet and click "Save changes".

• In Okta, use the Assignments tab to assign groups or users that should have access to Telerivet via the SAML SSO integration.

Note: Each user will need to be granted access via the Okta “Assignments” tab as well as via Telerivet’s User Accounts page in order to have access to Telerivet via Single Sign-On.

When Single Sign-On is enabled via Okta, users can access Telerivet in either of the following ways:

• Log in to your Okta dashboard and click the Telerivet link/logo from the "My Apps" page.
• Go to https://telerivet.com/dashboard . If not logged in already, click the “SAML” button and enter your email address.