SSO Authentication Setup - OKTA
Below you will find requirements and instructions for enabling OneLogin SSO for your organization using the Enterprise Management Interface.
- Administrative rights to your Beam organization.
- An active OKTA subscription with superuser access.
Note: Once Suitable Technologies is connected to OKTA, you can use any supported OKTA authentication method. These include Active Directory, Google Apps, LDAP and more.
Enabling SSO Authentication
Begin by adding the Beam app to your existing OKTA account.
- Navigate to OKTA Home to sign in to your company's Okta account.
- Click Admin in the top right corner.
- From the Admin page, select the Applications tab.
- Search "Beam" to locate and add the Beam App.
- Select the Beam App from the list of applications, then select the Sign On tab.
- In the Settings box, select the button that says View Setup Instructions.
After you have added the Beam application to your OKTA account, you will need to enable OKTA authentication for your Beam organization.
- In a separate browser tab, log in to Your Account.
- You will be redirected to the Advanced Beam Management Dashboard.
- Select Organization from the main menu.
- Select Authentication from the section menu to view your Authentication Settings.
- Under Authentication Method, click Change next to Beam and/or Google Accounts.
- Select Okta, then Continue.
The following instructions will lead you to the necessary information to complete the Configure Okta form:
- Return to the Beam App SSO Setup Instructions on your OKTA account.
- Scroll down to step 4.
1. Copy the entire IDP metadata.
- Tab back to the Configure Okta form and paste the IDP metadata into the OKTA XML field.
- When the form is complete, you must test your SSO configuration before enabling the authentication change.
- Upon successfully testing, click Continue to proceed.
- Next, you will be provided with the option to allow guests access. Allowing guest access will let users not managed by your identity provider be a part of your organization.
- Finally, you will be provided with the option to edit the message sent to all users within the Beam organization informing them of this change.
- Click Confirm and Send E-Mail when complete.
You must verify that your organization owns the domain associated with your user's email accounts. This can be done via DNS TXT or CNAME entry.
- Begin by selecting Add Domain.
- Enter the domain associated with your organization.
- Click Save Domain.
- A green notification box will appear indicating the domain has been successfully added.
- All domains must be verified with a DNS TXT or DNS CNAME.
Note: Domain verification may take a few hours after saving.
- Verify with DNS TXT
- Select Verify with DNS TXT under Domain Management to view instructions for adding a TXT record to your host's DNS settings.
- Verify with DNS CNAME
- Select Verify with DNS CNAME under Domain Management to view instructions for adding a CNAME record to your host's DNS settings.
View OKTA instructions for configuring SAML 2.0 for Beam
Note: You cannot log in to Your Account by clicking on the "Beam" application from the OKTA homepage.