Once you're on the Authentication section of your Directory, use the following steps to set up single sign-on using Okta and SAML.
Supported SAML features
The following features are supported with Sift's SAML integration to Okta
Sign-in can be initialized from Okta
Sign-in can be initialized from Sift via https://login.justsift.com
For more information on the listed features, visit the Okta Glossary.
Step 1: Go to Okta, and add Sift from the Okta App Catalog
Go to Applications->Applications->Browse App Catalog
Search for "Sift" using the search bar, and add the integration
Navigate to the "Sign In" tab and click the "Edit" button
Step 2: Provide the necessary Service Provider (SP) information from Sift to Okta
Leaving Okta open in a separate tab, navigate to your Authentication Page in your Sift admin dashboard for the Directory in which you want to set up SSO (In many cases, you'll only have a single Directory).
Flip the switch in the "Single Sign on With SAML" box to "On"
In your web browser URL, you will see an address formatted something like: "https://my-subdomain.justsift.com/admin/directories/1bac640a-b87c-47cd-bee4-9081267fb786/auth"
Copy the directory identifier (in the above exampe: "1bac640a-b87c-47cd-bee4-9081267fb786" and enter it in the "DirectoryId" input box in Okta.
Copy the subdomain (in the above example: "my-subdomain") and enter it in the "SubDomain" input box in Okta.
Set "Name ID format" to "EmailAddress"
Set "Application username" to "Email"
Under "Attribute Statements", add the following:
Name: firstName Name format: Basic, Value: user.firstName
Name: lastName Name format: Basic Value: user.lastName
Step 3: Provide the necessary Identity Provider (IdP) information from Okta to Sift
In Okta, copy the "Metadata URL" and navigate to the URL in your web browser
Save the XML metadata to your computer (Ctrl/Cmd + S)
Open the saved XML file in a text editor, and copy the content to your clipboard
In Sift, paste the XML string in the "IDP Metadata" text area
In Sift, set the attribute mappings as shown below. The values on the left hand side should match the "Name" values you set in Okta above
(Recommended) If you would like to disable standard username/password authentication on Sift, and only allow your users to sign in via SSO, flip the switch next to "Passwords" to Off
Click the "Save" button
Step 4: Assign users/groups in Okta and test the integration
In Okta, go to the "Assignments" tab
Assign any users and groups that you would like to have access to Sift, including yourself if you'd like to test the integration
Go to your end user dashboard in Okta and click on the newly created application to test IdP (Okta) initiated SSO. To test SP (Sift) initiated SSO, go to https://login.justsift.com, and enter your email address
You should be successfully signed in! If you have any issues, reach out to us