Important: This tutorial applies to organizations in either our Growth tier, or higher tiers. If you are on another plan, please contact support.
If your organization uses Okta as an identity management and access platform, you can now set up Single Sign-on for your professionals using SAML 2.0. With our SSO integration you also get:
Automatic provisioning of all new users
Mapping of user attributes from Okta to Clearview Social
Login to Clearview Social using your SSO domain
The following tutorial will show you step-by-step how to create a new connection in Okta, and how to configure that connection to allow your users to login.
Important: You must be an administrator both for Okta, and for your Clearview Social organization to complete this tutorial!
Step 1: Create the application in Okta
Go to the Administration section of your Okta account
Go the Applications administration page, located in the left-hand navigation
Click the "Create App Integration" button to create a new application
In the modal that appears, select "Saml 2.0" from the list of options, and click "Next":
Under "General Settings", change the name to "Clearview Social Login"
Click "Next" to continue
Step 1b: Configure SSO Settings
With the Okta page open, in a separate browser tab go to: https://app.clearviewsocial.com/org/settings/sso
Copy the following values from the Clearview Social SSO Settings page into the Okta SAML Settings page:
"Our SSO URL" should be copied by the "Single sign on URL" label
"Our Entity ID" should be copied by the "Audience URI (SP Entity ID)" label
For the "Name ID Format", select "Email Address"
For the "Application username", select "Email"
Click "Show Advanced Settings"
Scroll down and click the "Allow application to initiate Single Logout" checkbox
From the Clearview Social SSO Settings page, copy the following into Okta:
"Our SLO URL" should be copied by the "Single Logout URL" label
"Our Entity ID" should be copied by the "SP Issuer" label
Step 1c: Configure Attributes
Important: The values used here are going to be highly dependent on the setup of your identity store. The suggested values below assume a user pool created in Okta. What's more important here is that the suggested attributes are named to our specifications:
Set the following Attribute Statements:
Set the following Group Attribute Statements:
Click "Next" to continue
Step 1d: Configure Okta Support
Set the following options on the "Help Okta Support" screen, and click "Finish" to complete the setup.
Step 2: Configure the application in Clearview Social
In the Okta Application, click on the "Sign On" tab and then click "View SAML Setup Instructions" (in the right hand column)
In a new tab, a page will open titled "How to Configure SAML 2.0 for Clearview Social Login Application". Copy the values from Okta into Clearview Social in the following steps:
Step 1: The "Identity Provider Single Sign-On URL" should be copied into "Single Sign-In URL"
Step 2: The "Identity Provider Single Logout URL" should be copied into "Single Logout URL"
Step 3: The "Identity Provider Issuer" should be copied into "Issuer URL"
Step 4: The "X.509 Certificate" should be copied into "Your Public Certificate"
After copying these values, go to the Clearview Social SSO Settings tab, and enter the following:
Under "Valid Domains", enter any valid email domains you use for your corporate login. Note: These will always be corporate domain names, for example clearviewsocial.com, or yourfirmname.com. Gmail, Yahoo, Outlook.com are not valid domains for SSO!
Under "SSO Platform", select "Okta"
On the Clearview Social SSO Settings tab, click "Save"
Step 3: Configure Signing Certificate in Okta
Go back to the Application administration page in Okta, and select the Application you created in Step 1
Click on the "General" tab, and click "Edit" within SAML Settings
Click "Next" to go to the second screen, and then find and click "Show Advanced Settings"
Find the "Signature Certificate" section:
To upload the Signature Certificate
In Clearview Social copy the full certificate under "Our Public Certificate"
Open a file in a text editor (NOT Microsoft Word - use notepad if on Windows)
Paste the certificate into the text editor, and save the file to your Desktop
In Okta, click "Browse", select the file you just saved, and click "Upload Certificate"
Scroll to the bottom of the screen and click "Next"
Click "Finish" on the final screen to complete the update
Step 4: Add Users to your Application in Okta
Important: This step is highly dependent on your Identity Provider setup. If you need assistance on getting users added to an application in Okta, please reach out to our support team for assistance. For our example, we will add users that were already created within Okta:
In the Okta Administration section, click on the "People" menu item in the left-hand menu
Click on the user from the list that you would like to assign the Application
Click "Assign Applications"
In the resulting modal window, you should see "Clearview Social Login". Click "Assign"
For the User Name, ensure the user's email address is entered
Click "Save and Go Back" to complete the assignment
The resulting page should look like the following:
Step 5: Test Your Login
Important: If you were logged into Clearview Social already to complete the previous steps, log out of Clearview Social before testing the connection!
At this point, you should be able to log into Clearview Social using Okta. Go to Clearview Social, and click the "Login with SSO" button
Enter the email address associated with your Okta user login. Note: The email domain should match one of the "Valid Domains" you entered in Step 2
Click "Login" to complete the login
You should be successfully logged into Clearview Social with your Okta user. If the Okta user was not previously in Clearview Social, you should see an activation screen, and you will receive an email to activate your account.
Any Further Questions?
If you have any further questions about setting up SSO for your organization, please use the chat bubble within Clearview Social, or reach out to support to learn more!