Configuring Single Sign-on with Okta

Step-by-step instructions to get your organization signing on with the Okta Identity Platform.

Michael Faliero avatar
Written by Michael Faliero
Updated over a week ago

Important: This tutorial applies to organizations in either our Growth tier, or higher tiers. If you are on another plan, please contact support.

Overview

If your organization uses Okta as an identity management and access platform, you can now set up Single Sign-on for your professionals using SAML 2.0. With our SSO integration you also get:

  • Automatic provisioning of all new users

  • Mapping of user attributes from Okta to Clearview Social

  • Login to Clearview Social using your SSO domain

The following tutorial will show you step-by-step how to create a new connection in Okta, and how to configure that connection to allow your users to login.

Important: You must be an administrator both for Okta, and for your Clearview Social organization to complete this tutorial!

Step 1: Create the application in Okta

  • Go to the Administration section of your Okta account

  • Go the Applications administration page, located in the left-hand navigation

  • Click the "Create App Integration" button to create a new application

  • In the modal that appears, select "Saml 2.0" from the list of options, and click "Next":

  • Under "General Settings", change the name to "Clearview Social Login"

  • Click "Next" to continue

Step 1b: Configure SSO Settings

  • With the Okta page open, in a separate browser tab go to: https://app.clearviewsocial.com/org/settings/sso

  • Copy the following values from the Clearview Social SSO Settings page into the Okta SAML Settings page:

    • "Our SSO URL" should be copied by the "Single sign on URL" label

    • "Our Entity ID" should be copied by the "Audience URI (SP Entity ID)" label

  • For the "Name ID Format", select "Email Address"

  • For the "Application username", select "Email"

  • Click "Show Advanced Settings"

  • Scroll down and click the "Allow application to initiate Single Logout" checkbox

  • From the Clearview Social SSO Settings page, copy the following into Okta:

    • "Our SLO URL" should be copied by the "Single Logout URL" label

    • "Our Entity ID" should be copied by the "SP Issuer" label

Step 1c: Configure Attributes

Important: The values used here are going to be highly dependent on the setup of your identity store. The suggested values below assume a user pool created in Okta. What's more important here is that the suggested attributes are named to our specifications:

  • Set the following Attribute Statements:

  • Set the following Group Attribute Statements:

  • Click "Next" to continue

Step 1d: Configure Okta Support

  • Set the following options on the "Help Okta Support" screen, and click "Finish" to complete the setup.

Step 2: Configure the application in Clearview Social

  • In the Okta Application, click on the "Sign On" tab and then click "View SAML Setup Instructions" (in the right hand column)

  • In a new tab, a page will open titled "How to Configure SAML 2.0 for Clearview Social Login Application". Copy the values from Okta into Clearview Social in the following steps:

    • Step 1: The "Identity Provider Single Sign-On URL" should be copied into "Single Sign-In URL"

    • Step 2: The "Identity Provider Single Logout URL" should be copied into "Single Logout URL"

    • Step 3: The "Identity Provider Issuer" should be copied into "Issuer URL"

    • Step 4: The "X.509 Certificate" should be copied into "Your Public Certificate"

  • After copying these values, go to the Clearview Social SSO Settings tab, and enter the following:

    • Under "Valid Domains", enter any valid email domains you use for your corporate login. Note: These will always be corporate domain names, for example clearviewsocial.com, or yourfirmname.com. Gmail, Yahoo, Outlook.com are not valid domains for SSO!

    • Under "SSO Platform", select "Okta"

  • On the Clearview Social SSO Settings tab, click "Save"

Step 3: Configure Signing Certificate in Okta

  • Go back to the Application administration page in Okta, and select the Application you created in Step 1

  • Click on the "General" tab, and click "Edit" within SAML Settings

  • Click "Next" to go to the second screen, and then find and click "Show Advanced Settings"

  • Find the "Signature Certificate" section:

  • To upload the Signature Certificate

    • In Clearview Social copy the full certificate under "Our Public Certificate"

    • Open a file in a text editor (NOT Microsoft Word - use notepad if on Windows)

    • Paste the certificate into the text editor, and save the file to your Desktop

    • In Okta, click "Browse", select the file you just saved, and click "Upload Certificate"

  • Scroll to the bottom of the screen and click "Next"

  • Click "Finish" on the final screen to complete the update

Step 4: Add Users to your Application in Okta

Important: This step is highly dependent on your Identity Provider setup. If you need assistance on getting users added to an application in Okta, please reach out to our support team for assistance. For our example, we will add users that were already created within Okta:

  • In the Okta Administration section, click on the "People" menu item in the left-hand menu

  • Click on the user from the list that you would like to assign the Application

  • Click "Assign Applications"

  • In the resulting modal window, you should see "Clearview Social Login". Click "Assign"

  • For the User Name, ensure the user's email address is entered

  • Click "Save and Go Back" to complete the assignment

  • The resulting page should look like the following:

Step 5: Test Your Login

Important: If you were logged into Clearview Social already to complete the previous steps, log out of Clearview Social before testing the connection!

  • At this point, you should be able to log into Clearview Social using Okta. Go to Clearview Social, and click the "Login with SSO" button

  • Enter the email address associated with your Okta user login. Note: The email domain should match one of the "Valid Domains" you entered in Step 2

  • Click "Login" to complete the login

  • You should be successfully logged into Clearview Social with your Okta user. If the Okta user was not previously in Clearview Social, you should see an activation screen, and you will receive an email to activate your account.

Further Reading

Any Further Questions?

If you have any further questions about setting up SSO for your organization, please use the chat bubble within Clearview Social, or reach out to support to learn more!

Did this answer your question?