For companies who prefer to use single sign-on (SSO), Pagely provides SSO functionality for logging into the Atomic control panel. In this article, we'll show you how to set it all up with Okta as your identity provider.
Note: Atomic SSO is a plan add-on. Make sure to contact support to add it before proceeding with these steps.
Initial Setup Within the Atomic Control Panel
Before any steps can be performed inside of Okta, you'll need to first activate SSO from inside of Atomic and gather information that you'll need later.
- Start by logging into the Atomic control panel as an Account Owner, Super-Admin, or Sub-Admin.
- On the left side of the screen, click on Team to access your team settings.
- Next, navigate to the Settings tab within the page.
- SSO is disabled by default and will need to be enabled before any settings will become available. Click on the Begin Setup button to get started.
- On the next screen, you'll be presented with various values that you'll need to provide to your SSO provider. If you're already familiar with the SAML setup process, everything you need will be listed here, and the values are named the same as they are inside of the Okta UI.
In the next section, we'll go over how to create a new app integration using the values provided from within Atomic. Be sure to keep this screen open in a separate browser tab, as you'll need the information from it later.
Configuring a New Pagely App Integration in Okta
Now that we've gotten the proper integration values from Atomic, it's time to add the app to Okta. Here's how to do it.
- Start by logging into Okta.
- Next, use the left side menu to navigate to Applications.
- From the Applications screen, click on Create App Integration.
- A new screen will appear asking the type of integration you would like to create. Currently, Pagely supports SAML.
Select SAML 2.0 from the list, then continue by clicking Next.
- The first set of settings is the General Settings section.
Aside from your own personal preferences, the only thing you'll need to fill in here is the App Name field. For the purposes of this example, we'll enter Pagely in this field.
After making your changes, click on the Next button to continue on to the Configure SAML screen.
- Now that you're inside of the Configure SAML screen, you're ready to fill out a few fields with information that you obtained from Atomic in the previous section.
The first of these fields is the Single Sign On URL field. Inside this field, paste the Single Sign On URL that was previously provided to you inside of Atomic.
- The next field you'll need to fill is the Audience URI (SP Entity ID) field. Like in the prior steps, simply copy and paste the Audience URI from Atomic into this field.
- So that your user can be properly linked, use the Name ID Format dropdown to select EmailAddress.
- Next, set the Application Username dropdown to Email.
- The last option that we'll need to configure on this page is inside of the Attribute Statements section.
Inside of the Name field, enter the following:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
As for the Value, set this to:
user.email
- After you've put your values in place, it's time to do a quick test of your settings. To do so, scroll down the page and click on the Preview the SAML Assertion button.
As long as everything is in place and valid, you'll be presented with XML data and are ready to proceed to the next step by clicking on the Next button.
If you receive any errors, you'll want to go back through the steps to make sure you didn't miss anything or have any typos.
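The preview XML can also be checked against the values from Atomic instead of only being eyeballed. The following Python is an added example, not code from Pagely or Okta: the URLs and the sample assertion are constructed placeholders, and it assumes the assertion's Recipient equals the Single Sign On URL.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Hypothetical placeholders: use the values shown on your own Atomic setup screen.
SSO_URL = "https://sp.example.invalid/sso/acs"
AUDIENCE_URI = "https://sp.example.invalid/sso/metadata"

# Constructed sample, shaped like a SAML 2.0 assertion preview (not real output).
SAMPLE = f"""<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0">
 <saml2:Subject>
  <saml2:NameID Format="{EMAIL_FORMAT}">admin@example.com</saml2:NameID>
  <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
   <saml2:SubjectConfirmationData Recipient="{SSO_URL}"/>
  </saml2:SubjectConfirmation>
 </saml2:Subject>
 <saml2:Conditions><saml2:AudienceRestriction>
  <saml2:Audience>{AUDIENCE_URI}</saml2:Audience>
 </saml2:AudienceRestriction></saml2:Conditions>
 <saml2:AttributeStatement>
  <saml2:Attribute Name="{EMAIL_CLAIM}">
   <saml2:AttributeValue>admin@example.com</saml2:AttributeValue>
  </saml2:Attribute>
 </saml2:AttributeStatement>
</saml2:Assertion>"""

def check_assertion(xml_text, sso_url, audience_uri):
    """Return a list of mismatches between the assertion and the expected settings."""
    root = ET.fromstring(xml_text)  # parse only your own preview output here
    problems = []
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not EmailAddress")
    # Assumption: Recipient is expected to equal the Single Sign On URL.
    confirm = root.find(".//saml:SubjectConfirmationData", NS)
    if confirm is None or confirm.get("Recipient") != sso_url:
        problems.append("Recipient does not match the Single Sign On URL")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience_uri not in audiences:
        problems.append("Audience does not match the Audience URI")
    emails = [v.text.strip()
              for attr in root.iterfind(".//saml:Attribute", NS)
              if attr.get("Name") == EMAIL_CLAIM
              for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
    if not emails:
        problems.append("emailaddress attribute statement is missing or empty")
    return problems

if __name__ == "__main__":
    print(check_assertion(SAMPLE, SSO_URL, AUDIENCE_URI) or "assertion matches")
```

An empty list means the previewed assertion carries the NameID format, audience, recipient and email attribute that the steps above configure.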
Obtaining Your Identity Provider Metadata URL and Completing Setup in Atomic
After the new app integration is completed, you'll need to obtain the metadata URL and enter it into the Atomic control panel.
- Start by accessing your newly created app and navigating to the Sign On tab.
- Under the Sign On Methods section, you'll see a notice area stating that additional setup is required. Within this area, locate the Identity Provider metadata link.
Clicking this link will take you directly to the metadata URL that you'll need to provide inside of Atomic. Grab it by either copying the resulting URL or by right-clicking and copying the link target.
- Now that you have your metadata URL, navigate back to the Single Sign On Setup page inside the Atomic control panel.
Tip: in case you've closed the tab since accessing this page in prior sections, you can get here by clicking on Team, then viewing the Settings tab.
- On this page, fill in the Identity Provider Name field with something you'll be able to identify later, such as Okta.
- Within the Metadata URL field, enter the URL that you copied from Okta in step 3.
With your values filled, all you have to do is click on the Continue Setup button to complete the process of configuring Okta as your Atomic control panel identity provider.
Of course, like any other changes, don't forget to test it all out!