Setting up an Organisation Workspace SSO on Okta

As an Organisation Admin, you can set up and configure an Organisation Workspace SSO. This will allow you to manage the authentication and access control for multiple users within an organisation. For example, the SSO can simplify the login process by allowing the users to sign in once and access multiple applications (including Pigeonhole Live) without the need to enter the login credentials again. 

In this documentation, we will navigate the following steps to help you set up your Organisation Workspace SSO to prevent unauthorised access to confidential meetings and events. 

  • Navigation to Organisation SSO Setup Page
  • Create an Application on Okta
  • Create a User on Okta
  • Add Organisation SSO Profile

Let's get started 🚀

Navigation to Organisation SSO Setup Page

Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.

Step 2: Select your Organisation name from your workspace selection list.

Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.

Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company's identity provider (Okta).

While setting up SSO for workspace users, copy the Callback URL and Service Provider Entity ID. 

| Parameters | Description | Actions |
| --- | --- | --- |
| Callback URL | The callback URL is a request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Okta. | Copy the Callback URL. |
| Service Provider Entity ID | An Entity ID is a unique identifier for an Identity Provider. This Entity ID is used to identify each party in the SSO process. It's often part of a metadata file (an XML file with a certificate, entity ID, and endpoint URLs). | Copy the SP Entity ID. |

 

Create an Application on Okta

Creating an application using the Okta Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up organisation SSO for your workspace using Pigeonhole Live.

This also allows you to configure a SAML2 Web Application, a widely used mechanism for authentication, authorisation, and SSO implementation in web applications.

Step 1: Sign in to your Okta account as an Admin; you will be redirected to the dashboard. Click on the Applications dropdown list from the left menu of the interface and select the Applications option.

Step 2: Click on the Create App Integration button from the middle of the interface.

Start creating your new app integration by selecting an application type as a sign-in method. We have selected the SAML 2.0 option (as Pigeonhole Live supports this method to set up SSO).

| Application Type | Description |
| --- | --- |
| OIDC (OpenID Connect) | Token-based OAuth 2.0 authentication for API endpoints for Single Sign-On (SSO). If you intend to create a custom app integration with the Okta Sign-In Widget, this option is recommended. |
| SAML 2.0 | SSO open standard based on XML. Use if your application's Identity Provider only supports SAML. |
| SWA (Secure Web Authentication) | Okta-specific SSO method. Use if your application doesn't support OIDC or SAML. |
| API Services | For machine-to-machine authentication, interact with Okta APIs using scoped OAuth 2.0 access tokens. |

Step 4: After selecting the SAML 2.0 option, click on the Next button.

To set up SAML integration for your application, you need to configure: 

  • General settings
  • Set up SAML
  • Feedback

General Settings

Enter the general information for the SAML integration, such as the app name, and click on the Next button.

Configure SAML

Configure the application to establish a secure and authorised communication link between Pigeonhole Live and Okta so that it sends the correct user profile attributes to the application(s).

| Settings | Description | Actions |
| --- | --- | --- |
| Single sign-on URL | The URL to which the SAML assertion is transmitted via HTTP POST. This is commonly referred to as your application's SAML Assertion Consumer Service (ACS) URL. | Paste the Callback URL. |
| Audience URL (SP Entity ID) | The application defines the unique identity of the SAML assertion's intended audience. This is usually your application's SP Entity ID. | Paste the SP Entity ID. |
| Name ID format | Identifies the SAML processing rules and constraints for the assertion's subject statement. Use the default value of 'Unspecified' unless the application explicitly requires a specific format. | Select the Email Address. |

 

After entering the required details, click on the Next button.

Feedback

Provide Okta support with useful background information about your application. Check the option “I’m a software vendor. I’d like to integrate my app with Okta” and click on the Finish button to complete the SAML Integration.

Now you will need to download the Identity Provider Metadata file that will be used by Pigeonhole Live to send SAML-based authentication requests to Okta. To do this, follow the steps below:

Step 1: Locate the Metadata details section to copy the Metadata URL.

Step 2: Open the metadata URL in a new tab.

Step 3: Save the IdP metadata file to your local machine in XML format.

Note: If you already have an “Organisation Admin” as a user on Okta, you can jump directly to the “Assign Organisation Admin” section of this document. Otherwise, follow the steps in the section immediately below, “Create a User on Okta”.

Create a User on Okta

Creating a user (admin) on Okta helps you manage user identities, including password resets, blocking and deleting users, and user creation and provisioning.

Step 1: Click on the Directory option from the left menu of the interface and select the People option.

Step 2: Click on the Add Person button.

A modal window will appear where you must enter the following information.

| Fields | Description |
| --- | --- |
| User type | Select a user type |
| First name | Enter the user's first name |
| Last name | Enter the user's last name |
| Username | Enter the user's username in email format (i.e. the Pigeonhole Organisation user's email) |
| Primary email | Enter the user's primary email if it's different from their username |
| Password | Select Set by user to allow the user to set their password |
| Activation | This option is for activating the password. Select Activate Now or Activate Later to set the user password. |

 

Step 3: After entering the required details, click on the Create button.

Assign Organisation Admin

After creating the App (SAML) integration for workspace SSO, you can assign a user as an Organisation Admin to the application that you created on SSO.

Step 1: Click on the Applications dropdown list from the left menu of the interface and select the Applications option.

Step 2: Select your created App Integration and click on the Assignments tab.

Step 3: Select the Assign to People option from the Assign dropdown.

Step 4: Search for the user you added as an Organisation Admin and click on the Assign button.

Step 5: Click on the Save & Go back button to continue.

Step 6: Click on the Done button to finish.

This will add your assigned Organisation Admin to the Application that has been set up in Okta.

Add Organisation SSO Profile

After creating an application and user in Okta, you can add an SSO profile for your organisation that lets you log into the application server and Data Center with Okta credentials.

Step 1: From the Single Sign-On Page, click on the Add Organisation SSO profile button.

Step 2: A modal window will appear on the screen, where you must enter the SSO Profile name and upload the IdP metadata file. 

Step 3: Click on the Test configuration button to validate that the integration between Okta and the SSO setup in Pigeonhole Live is functioning correctly.

Step 4: You will be redirected to the Okta login page. Enter the Organisation Admin credentials (the user you created on Okta), and click on the Sign In button.

You will then be redirected back to Pigeonhole Live with a Single sign-on configuration message, where you need to click on the Apply new configuration button to add the Workspace Okta SSO.

Note: If you wish to discard the new set-up and revert to your old SSO configuration, select Keep existing configuration. 

This will complete the Organisation Workspace SSO setup by adding a new SSO profile.