Configuring Attendee SSO for Okta

This article will walk you through the steps for setting up Attendee Single Sign-on (SSO) for Okta. First, refer to this article to complete the initial steps of setting up SSO.

Once you've completed the necessary steps follow the instructions below to continue SSO configuration for Okta. You can also refer to this guide by Okta

1. Go to your Pigeonhole Live Workspace. Click on your Profile on the top-right corner of the page > SSO Configuration.

2. Click on the Attendees tab and complete the two-step setup.

Screen_Shot_2020-02-28_at_3.51.16_PM.png

Configure Attributes on your IdP: Okta 

  1. Open Okta portal and select the SAML application that will be used in Pigeonhole Live.
  2. Under SAML Settings
    1. Under the General, set the 
      1. Name ID format to EmailAddress
      2. Application Username to Email
        Screenshot_from_2019-09-11_15-09-36.png
    2. Under the Attributes Statements(Optional) add two attributes statements.
      1. name set to user.firstName
      2. emailaddress set to user.email

Screen_Shot_2019-10-22_at_2.03.31_PM.png

Click save settings to save the configuration. 

 

Fill in the SAML parameters you obtained from Okta 

1. Fill in name for your SSO Profile name according to your organisation's SSO naming convention.

2. Then, fill in the details you obtained from Okta or upload the Metadata file provided and click save. 

Screen_Shot_2020-02-28_at_3.53.58_PM.png

3. After you have completed the steps above, return to your Team Workspace.

By default, your Pigeonholes are not configured to require SSO for attendees. To turn on SSO for your attendees, go to Pigeonhole> More settings > Security. Under Single Sign-On for Attendees, select the Attendee SSO Profile that you want to enable and click save. 


Screen_Shot_2020-06-30_at_5.38.43_PM.png

 

When your event attendees enter your Event Passcode or scan your Event QR code, they will be brought to your Okta domain to be authenticated. Only after successful authentication will they be redirected to your Pigeonhole where they can start engaging. 

Screen_Shot_2019-11-08_at_1.51.47_PM.png

 

Note: You can only make one sign-in option (SSO for attendees or Registrant Profiles) available at any one time. The other sign-in option will be disabled when either is selected.