Setting up an Organisation Attendee SSO on Okta

As an Organisation Admin, you can add an Attendee SSO profile so that participants can access an event without repeating the login process across different applications. This not only enhances convenience but also ensures accountability by verifying the identity of each attendee.

In this documentation, we will guide you through the following steps to help you set up your Organisation Attendee SSO to prevent unauthorised access to confidential meetings and events.

  • Navigation to Organisation SSO
  • Add Attendee SSO Profile
  • Create an Application on Okta
  • Assign Attendee
  • Edit Attendee SSO Profile

Let’s get started 🚀

Navigation to Organisation SSO

Step 1: Log in to your Pigeonhole Live account to access its dashboard. Click on your Workspace selection list from the top-left corner of the interface.

Step 2: Select your Organization name from your workspace selection list.

Step 3: Click on the Settings button from the top navigation bar to configure the organisation's Single Sign-On setup.

Step 4: Select the Single Sign-On option from the Organisation Settings to configure access to your workspace via the company’s identity provider (Okta).

Add Attendee SSO Profile

Adding an attendee SSO Profile ensures a seamless login experience for attendees while maintaining security measures specified by the organisation. It creates a more efficient, user-friendly, and secure authentication process for attendees accessing interactive events and engagement features.

Step 1: From the Single Sign-On Page, click on the Add Attendee SSO profile button.

Next, carry out the action listed for each parameter on the Attendee SSO profile, as shown in the following table:

Parameters | Description | Actions
Callback URL | The callback URL is a request parameter. It is the URL to which users are redirected once the authentication is complete. This is where your application receives and processes the response from Okta. | Copy the Callback URL.
Service Provider Entity ID | An Entity ID is a unique identifier for an entity such as an Identity Provider or a Service Provider. It is used to identify each party in the SSO process and is often part of a metadata file (an XML file with a certificate, entity ID, and endpoint URLs). | Copy the SP Entity ID.

Create an Application on Okta

Creating an application using the Okta Dashboard assigns it a client ID (a unique identifier), which you can use in your application while setting up attendee SSO for your workspace using Pigeonhole Live.

This also allows you to configure a SAML2 Web Application, a widely used mechanism for authentication, authorisation, and SSO implementation in web applications.

Step 1: Sign in to your Okta account as an Admin and it will redirect you to the dashboard. Click on the Applications dropdown list from the left menu of the interface and select the Applications option.

Step 2: Click on the Create App Integration button from the middle of the interface.

Start creating your new app integration by selecting a sign-in method. We have selected the SAML 2.0 option (as Pigeonhole Live supports this method to set up SSO).

Applications | Description
OIDC (OpenID Connect) | Token-based OAuth 2.0 authentication for API endpoints for Single Sign-On (SSO). This option is recommended if you intend to create a custom app integration with the Okta Sign-In Widget.
SAML 2.0 | SSO open standard based on XML. Use if your application's Identity Provider only supports SAML.
SWA (Secure Web Authentication) | Okta-specific SSO method. Use if your application doesn't support OIDC or SAML.
API Services | For machine-to-machine authentication, interact with Okta APIs using scoped OAuth 2.0 access tokens.

Step 3: After selecting the SAML 2.0 option, click on the Next button.

To set up SAML integration for your application, you need to configure the following:

  • General Settings
  • Configure SAML
  • Feedback

General Settings

Enter the general information for the SAML integration, such as the app name, and click on the Next button.

Configure SAML

Configure the application to establish a secure and authorised communication link between Pigeonhole Live and Okta so that it sends the correct user profile attributes to the application(s).

Settings | Description | Actions
Single sign-on URL | The URL to which the SAML assertion is transmitted via HTTP POST. This is commonly referred to as your application's SAML Assertion Consumer Service (ACS) URL. | Paste the Callback URL.
Audience URL (SP Entity ID) | The application-defined unique identifier that is the intended audience of the SAML assertion. This is usually your application's SP Entity ID. | Paste the SP Entity ID.
Name ID format | Identifies the SAML processing rules and constraints for the assertion's subject statement. Use the default value of 'Unspecified' unless the application explicitly requires a specific format. | Select Email Address.

Scroll down and configure the following attribute statements (optional). 

Statements | Description
Name | Enter a Name for the attribute.
Value | Enter a Value for the attribute defined by the Name element.

After entering the required details, click on the Next button.
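If a test login fails after setup, the three values from the Configure SAML table can be compared against what Okta actually sends. The following is an added example, not Pigeonhole Live or Okta code: it assumes you have a captured, base64-decoded SAML response as bytes, and the host names and response below are constructed. It only compares field values and does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response_fields(response_xml, callback_url, sp_entity_id):
    """Compare a decoded SAML Response with the values entered in Okta; return mismatches."""
    if b"<!DOCTYPE" in response_xml or b"<!ENTITY" in response_xml:
        raise ValueError("DTD/entity declarations are not expected in a SAML response")
    root = ET.fromstring(response_xml)
    checks = [
        # Single sign-on URL (Callback URL) appears as Destination and Recipient.
        ("Destination", [root.get("Destination")], callback_url),
        ("Recipient", [e.get("Recipient") for e in
                       root.findall(".//saml:SubjectConfirmationData", NS)], callback_url),
        # Audience URL (SP Entity ID): exactly one Audience element is expected here.
        ("Audience", [(e.text or "").strip() for e in
                      root.findall(".//saml:Audience", NS)], sp_entity_id),
        # Name ID format: the table above selects the e-mail address format.
        ("NameID Format", [e.get("Format") for e in
                           root.findall(".//saml:Subject/saml:NameID", NS)], EMAIL_FORMAT),
    ]
    return [f"{label}: expected {want!r}, got {got!r}"
            for label, got, want in checks if got != [want]]

# Constructed sample response: Name ID format was left at 'Unspecified' by mistake.
SAMPLE_RESPONSE = b"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://sp.example/sso/callback">
 <saml:Assertion><saml:Subject>
   <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
     >attendee@corp.example</saml:NameID>
   <saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="https://sp.example/sso/callback"/>
   </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
   <saml:Audience>https://sp.example/sso/metadata</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
 </saml:Assertion>
</samlp:Response>"""

print(check_response_fields(SAMPLE_RESPONSE, "https://sp.example/sso/callback",
                            "https://sp.example/sso/metadata"))
```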

Feedback

Provide Okta support with useful background information about your application. Check the option “I’m a software vendor. I’d like to integrate my app with Okta” and click on the Finish button to complete the SAML Integration.

Now you will need to download the Identity Provider Metadata file that will be used by Pigeonhole Live to send SAML-based authentication requests to Okta. To do so, follow the steps below:

Step 1: Locate the Metadata details section to copy the Metadata URL.

Step 2: Open the metadata URL in a new tab.

Step 3: Save the IdP metadata file to your local machine in XML format.

Assign Attendee

After creating the App (SAML) integration for attendees, you can assign a user as an attendee to access an event without going through the repetitive login process across different applications on the attendee’s end. For more information about adding a user in Okta, refer to this link.

Step 1: Select the App Integration you created and click on the Assignments tab.

Step 2: Select the Assign to People option from the Assign dropdown.

Step 3: Search for the user you added as an Organisation Admin and click on the Assign button.

Step 4: Click on the Save & Go back button to continue.

Step 5: Click on the Done button to finish.

This will add your assigned Organisation Attendee to the Application that has been set up in Okta.

Edit Attendee SSO Profile

After creating an application in Okta, you will need to edit the Attendee SSO profile, which involves modifying the SAML settings associated with the organisation SSO from Pigeonhole Live.

Step 1: From the Single Sign-On Page, click on the Edit button of your Attendee SSO profile.

Step 2: A modal window will appear on the screen, where you must enter the Attendee SSO Profile name and upload the IdP metadata file.

Step 3: Click on the Save button to save the SAML settings containing your IdP metadata associated with the organisation SSO.

This will complete the Organisation Attendee SSO setup.

Enable SSO for your Attendees

Manage the attendee SSO profiles for your workspaces from Pigeonhole Live events using SSO configuration. 

Step 1: Click on your Organisation selection list from the top-left corner of the interface and select your Workspace name from your Organisation selection list.

Step 2: Click on your Workspace selection list from the top-left corner of the interface and select the Workspace Settings of your selected workspace.

Step 3: Select the Pigeonhole policies option to configure Attendee SSO profile availability.

Step 4: Check the Availability option corresponding to the Attendee SSO profile you added.

Note: Selecting "Default" for the Attendee SSO profile will let you set that attendee profile as the default for every newly created pigeonhole (event).

Step 5: Click on the Save button to save the changes. 

Step 6: Select the Pigeonholes tab from the top navigation bar. This will take you to the Pigeonhole page, where you need to set up an Event to which the saved SSO configuration for the attendee will apply.

For setting up the Pigeonhole Live event, refer to this documentation: Setting up and Editing your Event Info.

Step 7: Click on the Attendees tab from the top menu bar.

Step 8: Navigate to the “Registrant Profiles” section, uncheck the Enable registrant profile for this event option and click on the Save button.

Step 9: Click on the Security tab from the menu bar.

Step 10: Select the Attendee SSO profile which you added for your workspace from organisation settings and click on the Save button.

This will complete the configuration for the Organisation Attendee SSO setup. Now you can open the Run link (Audience Web App), which will redirect you to access Okta Attendee SSO.