Our SAML integration uses a self-setup model that allows you to set up, manage, and edit your SAML integration in the Widen Collective. The SAML Integration feature must be enabled in the Collective in order to configure SAML settings and set up the Okta integration. Collective admins can enable the feature from the Features page in the Admin app, then access SAML settings from the Single Sign-on Settings in the Admin app. Please contact your customer experience manager or onboarding coach for more information or help with setting up the feature.


Use the instructions below to integrate Okta after the SAML feature is enabled.


Set up in Okta

To get started, you'll first need to set up the Collective as an app in Okta. To set up the Collective:

  1. Log in to your Okta account.

  2. Click the Admin button.

  3. On the dashboard, select Applications.

  4. Click Add Application.

  5. Choose Create New App.


Step 1: General settings

To create the new app, complete the general and SAML settings. For general settings, include:

  1. The app name of the one you're integrating with. In this instance, use Widen Collective.

  2. The app logo (optional). Upload an image/icon of the app you are integrating with.

  3. Click Next to set up SAML settings.


Step 2: SAML settings

When setting up SAML settings some of the information needed is located on SAML settings page in the Admin app of the Collective. For SAML settings:

  1. Add the single sign-on URL. The URL can be found in the Service Provider (SP) tab under Assertion Consumer Service URLs.

  2. Add the audience URI (SP entity ID). The URI can be found in the SP tab under Issuer / Entity ID.

  3. Choose Persistent for the name ID format.

  4. Complete the attribute statements, which are required in the Collective. By default, email, first name, and last name attributes are required. Add each attribute, then select its respective value in the corresponding dropdown. (The attribute names you create are used in a later step to correctly map the new attributes in the Collective.)

  5. Click Next.



Step 3: Help Okta support understand how you configured this app

After completing the general and SAML settings, add information to help Okta understand how you configured the app.

  1. For Are you a customer or partner?, choose “I'm an Okta customer adding an internal app.”

  2. For app type, check “This is an internal app that we have created.”

  3. Click Finish and you'll be taken to the Okta app settings page.



Step 4: Okta app settings page

On the Okta app settings page, click View Setup Instructions to find information - like the Identity Provider (IdP) SSO URL and X.509 certificate - needed to finish the setup in the Collective, then copy the IdP SSO URL and download the X.509 certificate.


Step 5: Assign users to your new app

Last, assign users to your app in Okta. To assign users:

  1. Click Applications.

  2. Choose Applications.

  3. Click Assign Applications.

  4. Under Applications, select your newly created app.

  5. Under People, select the users or group you want to access your new app.

  6. Click Next after selecting all users or groups.

  7. Click Confirm Assignments after reviewing your assignments.


For more information about adding users or groups to Okta, please check out Okta’s Manage People documentation.


Set up in the Widen Collective 

To set up the integration between Okta and the Collective:

  1. Log in to the Collective.
  2. Select the Admin app.
  3. Click Single Sign-On Settings.
  4. Click SAML settings.

Service Provider 

  1. On the Service Provider tab, select your SAML-specific registration code in the Registration code dropdown. If you have not yet created one, please contact your CXM or OC for assistance.
  2. Click Save.
  3. Click the Identity Provider tab.



Identity Provider

For the IP, complete the following information:

  1. Authorization endpoint (required): Enter the IdP SSO URL from Okta.
  2. Metadata endpoint: For this integration, you do not need to fill in the metadata endpoint.
  3. Certificate files (required): Click Select Files and upload your X.509 certificate from Okta. Once uploaded, you will see information about the certificate in the IdP tab.
  4. Support email (required): Enter your email address. The Support email is only used to reference who configured this integration.
  5. Click Save.
  6. Click the Attributes tab.


Attributes

In Step 2 (SAML settings), you created the Collective-required attribute statements in Okta. You'll need to include some of that information in the Attributes tab in the Collective. By default, ADFS values are mapped to the Attributes tab. Log in to your Okta account, then select Applications > General, then select this information and add it to the corresponding location in the Attributes tab, replacing the ADFS default value:

  1. Email: Add the attribute name of your previously created email attribute (for example, email).
  2. First name: Add the attribute name of your previously created first name attribute (for example, first name).
  3. Last name: Add the attribute name of your previously created last name attribute (for example, last name).
  4. If any additional attributes need to be mapped, remove the ADFS default value and add your attribute name value in its place. If there are no additional attributes, click Save.
  5. Click Save.