Okta

Updated March 10, 2024

Overview

The setup of Okta is relatively straightforward. The overall process is as follows:

  1. Create your company account at PrevailHQ. The user that does this will be the administrator of the account and can perform the actions needed here.
  2. Ensure PrevailHQ staff has configured your account to enable SAML. Open a ticket at support@prevailhq.com if this has not been discussed and completed.
  3. Follow the instructions here to create and configure a SAML Application.
  4. Copy information from Okta to PrevailHQ. Copy information from PrevailHQ to Okta.
  5. Your users should now be able to enter PrevailHQ from your portal.

All configuration of PrevailHQ is done within the administration menu: "SAML Integration". You can find this in the drop-down menu under your name in the top right corner. If you do not see this, then step 2 above was not completed.


1. Okta Application Setup

In Administration, click on Applications. Click on Add Application.

In the search box, enter SAML. In the results pane, select "SAML Service Provider".

On the next page, click "Add".

Name your application "PrevailHQ" and click Next.


In the setup screen, leave Default Relay State as is. Expand the Attributes section. From here, copy the claims PrevailHQ needs to operate. The minimum is email, first name, and last name. In PrevailHQ, the claims are email address, given name, and surname, respectively.

From here, scroll down to Advanced Sign-on Settings. You need to fill in the two fields with data from PrevailHQ under the section SAML SP Information. Copy the Reply URL from PrevailHQ into the Assertion Consumer Service URL and the Identifier into the Service Provider Entity ID.

The remaining defaults are correct.


At this point, information from Okta needs to be copied into PrevailHQ. Look for the "View Setup Instructions" button in the Sign On form.

Click that button. On the resulting page, some information is displayed. Item #3 is the IP Certificate. Click on "CLICKING HERE" to download the certificate. This is a text file that can be opened in any text editor. Open the file and copy its contents. Within PrevailHQ, under the section SAML IdP Information, look for the Certificate field and paste the contents into that field.

If only first name, last name, and email are provided by Okta (according to the attributes specified in the Okta setup), then a default role will need to be selected. Under Default Role, select an appropriate role that will be assigned to all users.

Click Save.

At this point, you should be able to log in from your Okta account into PrevailHQ. If so, follow the normal Okta configuration to set up and assign your users to the new app.
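
If the login does not work, one way to check a decoded assertion from your own test login against the values configured above is sketched here. This is an added example, not PrevailHQ or Okta code. The claim URIs, the Identifier and the Reply URL are assumed placeholders, and the script checks the setup only, not the signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed claim names for email address, given name and surname; replace them
# with the names your PrevailHQ SAML Integration page shows if they differ.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
REQUIRED = [CLAIMS + n for n in ("emailaddress", "givenname", "surname")]
# Placeholders for the Identifier and Reply URL from "SAML SP Information".
IDENTIFIER = "https://sp.example.invalid/saml/metadata"
REPLY_URL = "https://sp.example.invalid/saml/acs"

def check_assertion(xml_text, identifier, reply_url):
    """List setup problems in a decoded assertion (signature is NOT verified)."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if identifier not in audiences:
        problems.append(f"Audience {audiences} lacks Service Provider Entity ID {identifier}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if reply_url not in recipients:
        problems.append(f"Recipient {recipients} is not the Assertion Consumer Service URL {reply_url}")
    values = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        found = [v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text]
        values[attr.get("Name")] = [v for v in found if v]
    for name in REQUIRED:
        if not values.get(name):
            problems.append(f"missing or empty attribute {name}")
    return problems

def sample(audience, attrs):
    """Build a constructed (not captured) assertion for the demonstration."""
    items = "".join(f'<saml:Attribute Name="{CLAIMS}{n}"><saml:AttributeValue>{v}'
                    f'</saml:AttributeValue></saml:Attribute>' for n, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{REPLY_URL}"/></saml:SubjectConfirmation>'
            f'</saml:Subject><saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{items}</saml:AttributeStatement></saml:Assertion>')

# Constructed inputs: one matching the setup, one with a wrong audience and no surname.
GOOD = sample(IDENTIFIER, {"emailaddress": "ada@example.invalid", "givenname": "Ada", "surname": "Lovelace"})
BAD = sample("https://wrong.example.invalid", {"emailaddress": "ada@example.invalid", "givenname": "Ada"})

if __name__ == "__main__":
    for label, doc in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_assertion(doc, IDENTIFIER, REPLY_URL) or "no problems found")
```

An empty result means the audience, recipient and three required attributes line up with what was entered in Okta and PrevailHQ.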