Configuring Okta SSO

Before proceeding with the configuration of Google SSO, please ensure that you read our SSO Best Practices Guide.

 

Part 1 - Getting your Gatekeeper tenant ready to Configure & Test

Step 1) Navigate to Settings > Configuration > Authentication

Step 2) Change your settings to 🔘 Allow All Authentication Methods

Step 3) Hit ✅ Save

 

Do not select 🔘 Require Okta Single Sign on yet 🤚

Without configuring & testing this setting, you may lock yourself out of your Gatekeeper tenant!

If you have done this and locked your tenant - inform our Support team here

 

 

Part 2 - Configuring Okta

Step 1) Sign in to the Okta Admin Dashboard

Step 2) Create Gatekeeper as a new Application


Step 3) Go to the Sign On tab of the Gatekeeper app, then enter the Base URL

To get your Gatekeeper Base URL, take the URL shown when you are logged in to your environment, minus any page-specific extensions.

Step 4) Hit Save

View Okta's Guidance here and navigate to Step 4 to view more details

Notes:

SP-initiated flows and IDP-initiated flows are supported.

Just In Time (JIT) provisioning is not supported.

 

Part 3 - Configuring Gatekeeper

Step 1) While in Settings > Configuration > Authentication, hit Configure Okta

Step 2) Enter the variables obtained from Okta as below:

Application ID: This is the ID component of the URL generated in your Okta Admin Dashboard

For example,

If Okta Displays "http://www.myCompany.com/exk18o312mrXCbUs21d8"

Use "exk18o312mrXCbUs21d8" as the Application ID in Gatekeeper 

Identity Provider Single Sign-On URL & X.509 Certificate: These values should also be obtained via your Okta Admin Dashboard

Step 3) Hit ✅ Save
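
A pre-save check for the three values in Step 2, as an added example (not Gatekeeper's or Okta's code): it extracts the Application ID from the URL Okta displays, requires an https Single Sign-On URL, and computes the SHA-256 fingerprint of the pasted certificate so it can be compared with the certificate held in the Okta Admin Dashboard. The function names, the https requirement, the placeholder SSO URL and the sample certificate bytes are assumptions constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def application_id(okta_url):
    """Return the trailing ID component of the URL Okta displays."""
    segment = urlsplit(okta_url.strip()).path.rstrip("/").rsplit("/", 1)[-1]
    if not re.fullmatch(r"[A-Za-z0-9]+", segment):
        raise ValueError(f"no ID component at the end of {okta_url!r}")
    return segment

def check_sso_url(url):
    """Require an absolute https:// Single Sign-On URL (assumed policy)."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"SSO URL is not an https URL: {url!r}")
    return parts.geturl()

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint of a pasted PEM certificate."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("missing BEGIN/END CERTIFICATE lines (truncated paste?)")
    body = "".join(match.group(1).split())       # drop line breaks and spaces
    der = base64.b64decode(body, validate=True)  # raises on stray characters
    if not der or der[0] != 0x30:                # DER certificates start with SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

# Constructed sample input: a minimal DER SEQUENCE, NOT a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    # URL taken from the example in Step 2 above.
    print(application_id("http://www.myCompany.com/exk18o312mrXCbUs21d8"))
    print(check_sso_url("https://idp.example.com/app/sso/saml"))  # placeholder URL
    print(cert_fingerprint(SAMPLE_PEM))
```

A fingerprint mismatch or a `ValueError` here points to a truncated or altered paste, which is worth catching before Part 5 makes Okta the only login method.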

 

Part 4 - Test the new SSO Connection

Step 1) Log out of Gatekeeper

Step 2) On the login screen, choose Okta

Step 3) Enter your credentials & sign in

     

If you configured the application correctly, you should be able to log in!

You can also check if other users have been able to log in successfully via Okta by checking their login history:

To find this, go to Settings > Users, click on a user's Name then go to the Logins tab

Part 5 - Restrict access to only allow Okta SSO

When you have successfully tested Okta SSO, you can restrict access to only allow Okta as a login method

Step 1) Navigate to Settings > Customisations > Authentication

Step 2) Select 🔘 Require Okta Single Sign On (SSO)

Step 3) Hit ✅ Save

You can now communicate to your users that only Okta will work as a login method from here onwards 👍

NB. If communicating with a Customer Success Manager or Support Agent from Gatekeeper, even they will not be able to bypass this SSO setting.

So if you wish to allow them to access your Gatekeeper environment, you will need to:

a) Add them as a guest to your Okta Active Directory

or

b) Consider temporarily setting your tenant to 🔘 Allow all authentication methods to allow them to log in via other authentication methods

Note. Access to the Employee Portal and Vendor Portal remains via username and password when SSO authentication is set.