Okta Single-Sign-On Integration Guide
Single-Sign-On (SSO) using Okta is only available on the H5mag Enterprise plan. Contact us to learn more.
Features
H5mag is also available on the Okta OAN. Connecting H5mag to your Okta implementation will allow you to create, edit and remove users in the H5mag app from Okta.
Requirements
To set up an Okta integration, you will need an Enterprise license, coupled to an existing user account, and an access token. If you are currently on a Professional license or you want to request the access token for Okta, please contact us to upgrade your account or supply you with your token.
Step by Step Configuration Instructions
After adding H5mag from the Okta OAN, you will need to set up the API connection. Click the 'Edit' button in the 'API Integration' page of the Provisioning tab. Now enter the following data:
API Integration
- Check the 'Enable API Integration' checkbox
- In the API Token field, enter the token received from us.
Test the API credentials before saving. When the test confirms a succesful connection, save the settings.
To App
After setting up the API connection, you will need to enable all options in the 'To App' page. The checkboxes for 'Create Users', 'Update User Attributes', 'Deactivate Users' and 'Sync Password' should all be checked. You are free to set your own password sync options, but our recommendation is to use the 'Sync a randomly generated password' option and to 'Generate a new random password whenever the user's Okta password changes'
Your settings should look like the following screenshot:
To Okta
The 'To Okta' page should be set to never import users from H5mag, as all user management should occur from the Okta system.
When all settings are saved, you can use the 'Assignments' tab to add users to H5mag.
Troubleshooting and Tips
- To prevent users from seeing their Okta username where H5mag displays the users email address, please set the 'Application username format' to 'Email' in the Sign On tab.
- The Import and Group option are not supported at this time. You will have to manually assign your users to H5mag.
- If your API Credentials Test fails, please check your URL and Bearer Token. If a second test fails, please contact us to check if the token integration on our side was successful.