By setting up single sign on (SSO) with Okta, you are enabling your users to securely access multiple applications and services using one set of credentials, eliminating the need to remember different passwords for each service.
Features:
- SP initiated flow: Users can sign into Workshop with Okta, via ‘Sign in with SSO’ on our login page
- IDP initiated flow: Users can sign into Workshop via the Okta application dashboard or an Okta-specific URL
- Update user attributes: When user attributes are updated in Okta, they will be updated in Workshop when a user signs in.
Presently, Workshop does not support the following Okta features, but may in the future:
- User provisioning
- Group attributes
- Deactivate / reactivate users
Requirements:
Single sign on (SSO) is available on Enhanced & Premium plans for Workshop.
- Access to an Okta tenant
- Be an Okta administrator to that tenant
- Be an Admin user within Workshop
- Users must be invited via Workshop to successfully sign in with SSO
Setup Steps:
- Log into Okta as an Admin.
- Within your Okta account, navigate to the App Catalog
- Search for 'Workshop' within the app catalog and click 'Add Integration'
- Log into Workshop as an Admin within a separate tab.
- Within your Workshop account, click on your user avatar in the top right corner and click on Settings.
- In Workshop's Settings, click on the SSO tab.
- From Workshop's SSO setup page, choose your identity provider as Okta.
- On the next page within the Okta setup flow in Workshop, you will be provided your Workshop SSO ID. Copy this ID from Workshop.
- Navigate back to your Okta account and paste this Workshop SSO Id into the Workshop SSO ID field in Okta
- Provide your 'Subdomain' within this Okta screen and then click Done
- For all customers, other than EU, you will provide 'app'
- If you are an EU customer, you will provide 'app-eu'
- After clicking done, you will be taken to the Workshop application view in Okta. From this view, click 'Assign' and then 'Assign to People'.
- Search for a Workshop user and click 'Assign' within the 'Assign Workshop to People' modal. Within the next modal, you will verify the username matches their Workshop account email address and then click 'Save and Go Back'. You will then see this person within your Workshop application view.
- From the Workshop application view in Okta, navigate to the 'Sign On' tab, click “Edit”, and update the Application Username Format to “Email”. Save the changes.
- On the same tab, locate your Metadata URL. Copy this URL.
- Navigate back to your Workshop account, paste this URL into the Metadata URL field then click 'Create provider'.
- On the next page, your Okta setup will show in a Pending state in Workshop. From this view, you will be provided the ability to do a 'Test sign in'. Click to perform 'Test sign in'.
Note - This test sign in will be done against the account you assigned to the Workshop application in Okta.
- After you complete the test sign in successfully, your Okta setup will show in an Enabled state in Workshop. Now you can assign additional Workshop users in Okta.
Note - We don’t support just in time (JIT) user provisioning at this time.
16. Any user that has been assigned to the Workshop application within Okta, will be able to login to Workshop in the following ways:
- Via the Okta application dashboard
- Via an Okta URL
- ‘Sign in with SSO’ on Workshop’s login page, https://app.useworkshop.com/auth/sign_in