How to Configure Single Sign-On (SSO) with Okta?

Single Sign-On Okta

We will go over how to configure SAML-based Single Sign-On (SSO) with Okta in this post.

If you use Microsoft Azure Active Directory for SSO, refer to: How to Configure Single Sign-On (SSO) with Microsoft Azure Active Directory.

If you use Google for SSO, refer to: How to Configure Single Sign-On (SSO) with Google.

Create an application in Okta admin dashboard

First, we need to create an application in the Okta admin dashboard.

Log in to the dashboard, go to Applications->Applications->Create App Integration, select SAML 2.0, as illustrated below:

create-new-app-integration

then click on Next. You will now be redirected to the General Settings tab:

general-settings

enter DMARCLY as App name, upload the DMARCLY logo (optional), then click on Next. You are now on the Configure SAML tab.

You need to grab Service Provider Entity ID and Assertion Consumer Service URL from the DMARCLY dashboard. Log in to DMARCLY, go to System->Single Sign-On (SSO), toggle on the Enable Single Sign-On switch, and choose Okta as the Identity Provider:

enable-sso

then copy the Service Provider Entity ID value, switch back to Okta, paste the value in the SP Entity ID field; go to DMARCLY, copy the Assertion Consumer Service URL value, switch back to Okta, paste the value in the Single sign on URL field. Make sure to keep "Use this for Recipient URL and Destination URL" checked.

Once done, it should look like this:

configure-saml

Note: if you are in the EU zone, please make sure that both Service Provider Entity ID and Assertion Consumer Service URL start with https://eu.dmarcly.com, instead of https://dmarcly.com.

Click on Next. Check the "I'm an Okta customer adding an internal app" radio, then click on Finish.

Now you are on the DMARCLY application page. Click on View SAML setup instructions to open the instructions page, then scroll down and copy the IDP metadata.

Switch back to the DMARCLY dashboard, paste it in the IdP Metadata field:

idp-metadata

then hit Update SSO.

Assign users to the application

Before a user in your tenant can use the application, you must assign the user to it. Go to the DMARCLY application page, click on the Assignments tab, then click on Assign->Assign to People:

assign-dmarcly-to-people

click on the Assign button on a user you want to assign DMARCLY to, then click on Save and Go Back.

assign-dmarcly-to-user

Repeat this step until all the users you want to assign to have been assigned to. Then click on Done on the Assign to People modal.

Create users in DMARCLY

To log in via SSO, in addition to a corresponding user account in Okta, a user must have an account in DMARCLY.

To create a user account in DMARCLY, log in to the dashboard, go to Users->Add User, enter the user email address and the other fields on the page, then click on Save User.

Log in via SSO

Now that you are done with the configuration, you can log in via SSO.

If you are a non-EU user, navigate to https://dmarcly.com/login-sso, otherwise navigate to https://eu.dmarcly.com/login-sso.

Now enter your account email with DMARCLY, then you will be redirected to the Okta login screen:

okta-login

enter your credentials with Okta. Once authenticated, you will be redirected to the DMARCLY dashboard.

IdP-initiated SSO

You can also access DMARCLY directly from Okta. To do so, navigate to the Okta end user dashboard, enter the credentials to log in, go to My Apps and you will see a list of applications created in Okta:

my-apps

If you followed the steps above in this article, you will see DMARCLY appear on that list. Simply click on the logo and you will be redirected to the DMARCLY dashboard.

Enforce SSO

You can enforce SSO so that all users must log in via SSO. That is, direct login will be disabled.

To enforce SSO, turn on the Enforce SSO checkbox in System->Single Sign-On (SSO) in the DMARCLY dashboard:

enforce-sso

then click on Update SSO.

Now log out of your DMARCLY dashboard, and try to log in again on the direct login page, you will see some warning like this:

requires-sso-warning

Simply click on the SSO link to proceed with SSO login.

Article précédent Article suivant

 Protect Business Email & Improve Email Deliverability

Get a 14 day trial. No credit card required.

Create Account