Okta SAML
Use this guide to set up Okta SSO SAML for your organization on Popl Teams
Last updated
Use this guide to set up Okta SSO SAML for your organization on Popl Teams
Last updated
Okta SAML 2.0 is a widely-used authentication protocol that allows users to log in to multiple applications using a single set of credentials. By using this protocol, companies can centralize their user authentication and authorization, reducing the need for multiple login credentials and streamlining the user experience. Additionally, Okta SAML 2.0 provides a secure way to authenticate users, ensuring that only authorized individuals can access company resources.
Using Popl Teams Okta SAML 2.0 capabilities, companies can save time, improve security, and enhance their team's experience, making this integration a popular choice for many organizations using Popl Teams.
Start by logging into an Okta admin account and going to the Okta Application Dashboard. Once there, click on "Create App Integration".
On the next popup, choose "SAML 2.0".
Then input the App name as "Popl". A logo can be added later or you can use this one now.
On the next tab titled Configure SAML, put in the following info:
Single sign-on URL:
Audience URI (SP Entity ID):
Default RelayState: Just leave this field blank.
Name ID format:
Application username:
Update application username on:
Once the above items are added, scroll down and click "Next".
On the final tab titled "Feedback", mark "I'm an Okta customer adding an internal app". Then click "Finish".
If you see a pane that looks like the below, don't check either box.
You are now all set to assign (provision) users to the Popl Okta SAML app! Users can be assigned individually or via security groups.
Syncing Members from Azure Active Directory
For the final step, please send the "Metadata URL" under the "Sign On" tab to teams@popl.co and we will complete the SAML setup on our end. Our team will send a confirmation email response once this process is complete. To get the "Metadata URL" simply go to the "Sign On" tab and copy the url as shown below!
For enterprise-grade security and streamlined access to the Popl dashboard, SAML protocol can be utilized for user login on desktop. To log in via Okta SAML, users can click on the Popl enterprise tile, which should be visible on their Okta dashboard under their "My Apps" if the user is part of the provisioned groups for a particular app. Upon clicking the Popl application tile, the user will be redirected to Popl Teams, where they will be logged in instantly, facilitating seamless user experience and ensuring a secure authentication.
There are two types of logins via a Desktop:
Logging in via the Okta "My Apps" Screen (SAML)
This type of login starts from Okta on the "My Apps" page. When a user logs in via Okta, the SAML Okta app that was created using the instructions above will be used to log the user in. This SAML login method is referred to as IDP-initiated login.
Logging in via the Popl Dashboard (SAML or 0Auth)
This type of login starts from our dashboard: dash.popl.co. When a user wants to log in via dash.popl.co, they can either use the "Continue with SSO" button or the "Continue with Microsoft" button to log in.
The "Continue with SSO" button will use the Okta SAML app to log the user in, while the "Continue with Microsoft" button will use an 0Auth method. Both SAML and 0Auth are fully secure login methods and usually the company admin decides how they'd like their users to log into certain platforms. Note: If when clicking on "Continue with SSO" a user is notified to log in using another method like email/pass, this means that Popl does not have a valid Okta SAML XML file from their particular company domain. For example, if a member is trying to log in using "Continue with SSO" with the email john@popl.co, if we don't have a valid SAML XML file from your company for @popl.co, then a popup will appear telling the user to log in using another method instead. See step 7 above for how to provide us with valid SAML information.
There are two types of logins via mobile:
Logging in via the Okta "My Apps" Screen (SAML)
This type of login starts from Okta on the "My Apps" page. When a user logs in via the Okta app, the SAML Okta app that was created using the instructions above will be used to log the user in. This SAML login method is referred to as IDP-initiated login.
Logging in via the Popl Mobile App (SAML or 0Auth)
This type of login starts from the Popl app. When a user wants to log in via our app, they can either use the "Sign in with SSO" button or the "Sign in with Microsoft" button on the app's login page. This SAML login method is referred to as SP-initiated login.
The "Sign in with SSO" button will use the Okta SAML app to log the user in, while the "Sign in with Microsoft" button will use an 0Auth method. Both SAML and 0Auth are fully secure login methods and usually the company admin decides how they'd like their users to log into certain enterprise platforms. Note: If when clicking on "Sign in with SSO" a user is notified to log in using another method like email/pass, this means that Popl does not have a valid Okta SAML XML file from their particular company domain. For example, if a member is trying to log in using "Sign in with SSO" with the email john@popl.co, if we don't have a valid SAML XML file from your company for @popl.co, then a popup will appear telling the user to log in using another method instead. See step 7 above for how to provide us with valid SAML information.
If any issues or questions, please contact us at teams@popl.co, we are available nearly 24/7 and will get back to you within 6-8 hours or less.
With 🤍 from Popl.
