Simployer One HR's Okta App - SAML & SCIM Configuration Guide for Okta (NOTE: domain names must be changed)

Modified on Mon, 2 Jun at 9:59 AM

How to get going with Simployer One's app in Okta

This article describes features exclusive to our app in Okta. For information about SSO via SAML see this article and for SCIM see this article.


Requirements

Ensure that you have the following before you start configuring the Okta app:

  • Get the user provisioning functionality for your Okta account. See Lifecycle Management for more details.

  • An Okta account with admin privileges

  • A Simployer One account with Owner permission set

  • Make sure your account plan in Simployer One allows you to use SSO & SCIM

Supported Features

SAML

  • IdP-initiated SSO

  • SP-initiated SSO (see note)

Note: SP-initiated SSO requires help from Simployer One (AlexisHR) Customer Success/Support.

SCIM

  • Import Users

  • Profile Sourcing

Step-by-Step Configuration Instructions for SAML

Step 1 - Get info about SAML from Okta

From Okta, retrieve the Identity Provider Single Sign-On URL and your X.509 certificate.

Step 2 - SAML Single sign-on in Simployer One 

Add this information into Alexis via Settings -> SAML Single sign-on. Click "New identity provider". In Identity provider sign out URL you can enter the following (change [YOUR_TENANT] to your tenant):

https://[YOUR_TENANT].okta.com/login/signout?fromURI=https://app.alexishr.com

Click Create identity provider and you'll be taken to the next screen.

Step 3 - Retrieve info from Simployer One 

Copy the Audience URI and the Assertion Consumer Service URL and save them for the next step.

If you want to test on app.sandbox.alexishr.com

To enable testing in our sandbox environment you need to enter Domain and Tenant when setting up Okta. See Step 4 "Domain" and "Tenant" for details.

Pictured: There are environment variables in the Audience URI and ACS URL

Step 4 - Setting up SSO in Okta

General settings - Set the required fields as follows

  • Domain: alexishr for production and sandbox.alexishr for sandbox

  • Tenant: alexishr for production and alexishr-sandbox for sandbox

  • Single sign-on URL: should be the Assertion Consumer Service URL copied from Alexis, see step 3

  • Audience URI (SP entity ID): should be the Audience URI copied from AlexisHR, see step 3

  • Name ID format: Email or Unspecified

  • Application username: should be set to Okta username

  • Update application username on: should be set to Create and update

Attribute statements - Set the required fields as follows

  • Name: email

  • Name format: Email or Unspecified

  • Value: user.email


This concludes the settings needed for SAML SSO
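
After a test login, the values set in Step 4 can be compared with what Okta actually sends. The following Python check is an added example, not part of Simployer One's or Okta's documentation; it compares a base64-decoded SAML response with the ACS URL, Audience URI, Name ID format and `email` attribute statement. The URLs and the sample assertion are constructed placeholders, and encrypted assertions are not handled.

```python
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"saml": SAML}
FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:"
NAMEID_OK = {FMT + "emailAddress", FMT + "unspecified"}  # Step 4: Email or Unspecified

def check_assertion(xml_text, acs_url, audience_uri):
    """List mismatches between a decoded SAML response and the Step 4 settings.
    Diagnostic only: no signature or validity-window check is performed."""
    root = ET.fromstring(xml_text)  # use only on a response from your own test login
    a = next(root.iter(f"{{{SAML}}}Assertion"), None)
    if a is None:
        return ["no Assertion element found"]
    problems = []
    audiences = [e.text.strip() for e in a.iterfind(".//saml:Audience", NS) if e.text]
    if audience_uri not in audiences:
        problems.append(f"Audience {audiences} lacks {audience_uri}")
    scd = a.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient") if scd is not None else None
    if recipient != acs_url:
        problems.append(f"Recipient {recipient} is not the ACS URL {acs_url}")
    name_id = a.find("saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID missing or empty")
    elif name_id.get("Format", FMT + "unspecified") not in NAMEID_OK:
        problems.append(f"unexpected NameID format {name_id.get('Format')}")
    values = a.findall(".//saml:Attribute[@Name='email']/saml:AttributeValue", NS)
    if not any((v.text or "").strip() for v in values):
        problems.append("attribute statement 'email' missing or empty")
    return problems

# Constructed sample values; the real ACS URL and Audience URI come from Step 3.
ACS = "https://sp.example.invalid/saml/acs"
AUD = "https://sp.example.invalid/saml/metadata"
SAMPLE = f"""<saml:Assertion xmlns:saml="{SAML}">
 <saml:Subject>
  <saml:NameID Format="{FMT}emailAddress">ada@example.com</saml:NameID>
  <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation>
 </saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>{AUD}</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement><saml:Attribute Name="email">
  <saml:AttributeValue>ada@example.com</saml:AttributeValue>
 </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, ACS, AUD) or "assertion matches the Step 4 settings")
```

A non-empty result most often means the production and sandbox values from Step 4 were mixed, or the attribute statement was named something other than `email`.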

If you are interested in Okta user provisioning you can read more here
