Okta SAML

Overview

Okta SAML 2.0 is a widely-used authentication protocol that allows users to log in to multiple applications using a single set of credentials. By using this protocol, companies can centralize their user authentication and authorization, reducing the need for multiple login credentials and streamlining the user experience. Additionally, Okta SAML 2.0 provides a secure way to authenticate users, ensuring that only authorized individuals can access company resources.

Using Popl Teams Okta SAML 2.0 capabilities, companies can save time, improve security, and enhance their team's experience, making this integration a popular choice for many organizations using Popl Teams.

Setting up the Okta SAML App - Step by Step Guide

1. Start by logging into an Okta admin account and going to the Okta Application Dashboard. Once there, click on "Create App Integration".

1. On the next popup, choose "SAML 2.0".

1. On the next tab titled Configure SAML, put in the following info:

Single sign-on URL:

https://us-central1-poplco.cloudfunctions.net/msAutoSync/saml

Audience URI (SP Entity ID):

popl

Default RelayState: Just leave this field blank.

Name ID format:

EmailAddress

Application username:

Okta username

Update application username on:

Create and update

Once the above items are added, scroll down and click "Next".

1. On the final tab titled "Feedback", mark "I'm an Okta customer adding an internal app". Then click "Finish".

If you see a pane that looks like the below, don't check either box.

1. You are now all set to assign (provision) users to the Popl Okta SAML app! Users can be assigned individually or via security groups.

Note: Provisioning users via Okta won't actually create Popl digital business cards for each user. To create digital business cards for each user so they can log in with Okta SAML SSO to an already set up digital card, please follow the steps for setting up our Azure AD integration here:

Syncing Members from Azure Active Directory (Entra ID)

Logging in with Okta SAML via Desktop

For enterprise-grade security and streamlined access to the Popl dashboard, SAML protocol can be utilized for user login on desktop. To log in via Okta SAML, users can click on the Popl enterprise tile, which should be visible on their Okta dashboard under their "My Apps" if the user is part of the provisioned groups for a particular app. Upon clicking the Popl application tile, the user will be redirected to Popl Teams, where they will be logged in instantly, facilitating seamless user experience and ensuring a secure authentication.

There are two types of logins via a Desktop:

Logging in via the Okta "My Apps" Screen (SAML)

This type of login starts from Okta on the "My Apps" page. When a user logs in via Okta, the SAML Okta app that was created using the instructions above will be used to log the user in. This SAML login method is referred to as IDP-initiated login.

Logging in via the Popl Dashboard (SAML or 0Auth)

The "Continue with SSO" button will use the Okta SAML app to log the user in, while the "Continue with Microsoft" button will use an 0Auth method. Both SAML and 0Auth are fully secure login methods and usually the company admin decides how they'd like their users to log into certain platforms. Note: If when clicking on "Continue with SSO" a user is notified to log in using another method like email/pass, this means that Popl does not have a valid Okta SAML XML file from their particular company domain. For example, if a member is trying to log in using "Continue with SSO" with the email john@popl.co, if we don't have a valid SAML XML file from your company for @popl.co, then a popup will appear telling the user to log in using another method instead. See step 7 above for how to provide us with valid SAML information.

Logging in with Okta SAML on a Mobile Phone

There are two types of logins via mobile:

Logging in via the Okta "My Apps" Screen (SAML)

This type of login starts from Okta on the "My Apps" page. When a user logs in via the Okta app, the SAML Okta app that was created using the instructions above will be used to log the user in. This SAML login method is referred to as IDP-initiated login.

Logging in via the Popl Mobile App (SAML or 0Auth)

This type of login starts from the Popl app. When a user wants to log in via our app, they can either use the "Sign in with SSO" button or the "Sign in with Microsoft" button on the app's login page. This SAML login method is referred to as SP-initiated login.

The "Sign in with SSO" button will use the Okta SAML app to log the user in, while the "Sign in with Microsoft" button will use an 0Auth method. Both SAML and 0Auth are fully secure login methods and usually the company admin decides how they'd like their users to log into certain enterprise platforms. Note: If when clicking on "Sign in with SSO" a user is notified to log in using another method like email/pass, this means that Popl does not have a valid Okta SAML XML file from their particular company domain. For example, if a member is trying to log in using "Sign in with SSO" with the email john@popl.co, if we don't have a valid SAML XML file from your company for @popl.co, then a popup will appear telling the user to log in using another method instead. See step 7 above for how to provide us with valid SAML information.

With 🤍 from Popl.