Implement Okta Single Sign-On
This article explains how to implement Single Sign-On (SSO) from Okta into Cezanne HR using SAML 2.0.
Instructions for setting up the Okta SSO are also available from the Okta website.
- Log in to Okta with your Administrator account.
- Navigate to the Admin screen.
- Select Add Applications.
- Select Create New App.
- Select SAML 2.0.
- Click Create.
- On the General Settings tab:
  - Enter 'Cezanne HR SSO' as the App name.
  - Click Next.
- On the Configure SAML tab:
  - Set Single Sign on URL to 'https://w3.cezanneondemand.com:443/cezanneondemand/-/{company-identifier}/Saml/Samlp'
  - Set Audience URI to 'https://w3.cezanneondemand.com/CezanneOnDemand/'
  - Click to Download Okta Certificate.
  - Click Next.
- On the Feedback tab:
  - Select I'm an Okta customer adding an internal app.
  - Click Finish.
- In the Okta Cezanne application, remember to add all users that you wish to grant access to the app.
- In the Sign On section, select View Setup Instructions.
- Copy the Identity Provider Single Sign-On URL and Identity Provider Issuer, as you will need them later.
In Cezanne HR, navigate to: System Setup >> Security Settings >> Single Sign-On Configuration
- Tick the SAML 2.0 check box.
- Select Advanced Configuration.
- Click Add New.
- Enter a Display Name, e.g. Okta.
- Paste the 'Identity Provider Issuer' from the section above into the Entity Identifier field.
- Select 'POST' from the SAML Binding drop-down.
- Paste the 'Identity Provider Single Sign-On URL' from the section above into the Security Token Service Endpoint.
- Upload the Okta Certificate that you downloaded earlier into the Public Key Certificate field.
- Click Ok and Save.
- Map the Cezanne user to the Okta user using the mapping name provided in the general setup of the application.
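A pre-flight check for the values entered above, as an added example that is not part of the original article and is not Cezanne HR or Okta code. It assumes you have also saved the Okta application's SAML IdP metadata XML; it reads the Entity Identifier, the POST-binding endpoint and the signing certificate from that file and confirms that the downloaded certificate file is the same certificate. The sample metadata (issuer, host, certificate bytes) is constructed, and the function names are hypothetical.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: issuer, host and certificate bytes are placeholders, not real Okta values.
FAKE_CERT_B64 = base64.b64encode(b"constructed-not-a-real-certificate").decode()
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/EXAMPLEISSUER">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>{FAKE_CERT_B64}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://idp.example.com/app/placeholder/sso/saml"/>
  <md:SingleSignOnService Binding="{POST_BINDING}"
      Location="https://idp.example.com/app/placeholder/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def cert_fingerprint(pem_or_b64):
    """SHA-256 hex digest of the certificate's DER bytes (PEM text or bare base64)."""
    lines = [l.strip() for l in pem_or_b64.strip().splitlines() if "-----" not in l]
    return hashlib.sha256(base64.b64decode("".join(lines))).hexdigest()

def cezanne_fields(metadata_xml):
    """Return the values for the Cezanne HR Advanced Configuration form."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    # The article selects the POST binding, so only that endpoint is acceptable.
    post = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)
            if s.get("Binding") == POST_BINDING]
    if not post or not post[0].startswith("https://"):
        raise ValueError("no HTTPS endpoint for the POST binding")
    cert = idp.find(".//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("metadata carries no signing certificate")
    return {"Entity Identifier": root.get("entityID"),
            "SAML Binding": "POST",
            "Security Token Service Endpoint": post[0],
            "Certificate SHA-256": cert_fingerprint(cert.text)}

def matches_download(fields, downloaded_pem):
    """True only if the file to be uploaded is the certificate in the metadata."""
    return fields["Certificate SHA-256"] == cert_fingerprint(downloaded_pem)
```

A mismatch reported by `matches_download` means the uploaded Public Key Certificate would not be the key Okta signs assertions with, so resolve it before clicking Save.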
Associating Okta users with Cezanne users
There are two ways to associate your users' Okta identities with their Cezanne user accounts. You can use the User Settings screen to associate individual users or the SAML 2.0 Users Data Import to associate users in bulk.
Using the User Settings Screen
Navigate to: System Setup >> Manage Users >> User Settings.
- Search for the user you wish to update.
- Select the Single Sign-On tab.
- In the SAML 2.0 Identifiers section, click Add New.
- In the Identity Provider column, select Okta, and in the User Identifier column, enter the user's Okta username.
- Click Save.
Using the SAML 2.0 Users Data Import
Navigate to: System Setup >> Data Management >> Import Data.
- Select SAML 2.0 Users on the Settings tab.
- Follow the on-screen instructions. For information about data imports, please refer to the Data Importing Knowledge Base article.