Single Sign On allows your staff to have one password for all their applications, and avoid the need to log on separately to different systems. This guide steps through the process of setting up Single Sign On for Leave Dates using Okta.
How to Configure an Okta Single Sign-On Integration with OIDC
- Log into Leave Dates using your admin account.
- Navigate to the Settings > Integrations page
- Click the Add Provider button within the Single Sign On section
- Provide a Subdomain for the login process (eg. https://companyname.leavedates.com). Choose something memorable and easy to type, such as companyname. It will be used later to automate the login process. You cannot change this later so choose wisely!
- Press Continue and a new form will appear.
- Open a new tab in your browser and log in to your Okta account. Navigate to the Admin dashboard. You will be using the Leave Dates tab again later.
- Take a note of the address in your browser. It will be in the form https://dev-123456.okta.com/... This will be used later in the setup process as the Base URL.
- Click Applications and then Add Application.
- Search for Leave Dates and select it.
- You will now be shown a form (as below) for the application settings. leave the Application label as Leave Dates and add the SubDomain you created in step 4.
- Click Done to finish the process.
- You have now created the application in Okta.
- Go to the Sign On tab in Okta and copy the Client ID and Client secret from this page.
- Revert back to the Leave Dates browser tab and select Okta as the Provider
- Enter the Base URL as previously recorded from your Okta dashboard. This is should be something like https://dev-123456.okta.com
- If there is -admin in the URL please remove it
- Remove any spaces at the end of the URL
- Paste in the Client ID and Client secret (created earlier in Okta)
- Press Create
- An entry will be added to the table, as shown below.
- Everything is now configured to allow you to log in to Leave Dates using Okta SSO. Your setup in Okta should look similar to the below:
Further considerations
- Users will need to be created in Leave Dates using the same email address as configured for Okta.
- Users will need to be invited to use Leave Dates by an admin user, and create an account in Leave Dates using the non-SSO approach (which includes creating a password). This gives them the flexibility to use password login as well if they choose. Users can only log in using SSO once an account has been created in Leave Dates.
- Users will need to be assigned to the Leave Dates application within the Okta Portal. This can be performed in the Assignments area of the application.
- The Login URL link shown in the table in step 18 above can be used as a direct link for logging into Leave Dates using Single Sign On.
- Alternatively, the user can also log in via Okta using by clicking Log In on the Leave Dates website, followed by clicking Sign in with SSO and entering the company subdomain (created in step 4 earlier).
- Logging out from Okta will not log you out from Leave Dates.