SAML SSO using Okta
Spoke is excited to offer an integration with Okta. This simply means that we've laid the groundwork for integrations to Okta, to save you time!
The Okta/Spoke (www.askspoke.com) SAML integration currently supports the following features:
- SP-initiated SSO
- IdP-initiated SSO
- JIT (Just In Time) Provisioning
For more information on the listed features, visit the Okta Glossary.
For Spoke-specific SAML best practices, make sure you read the Before you Begin section.
Before you begin
- Only Spoke Admins have the superpowers to enable SAML for the organization.
- After SAML is enabled, all non-admin members in Spoke must log in with SAML. Admins who have not setup a password will be prompted to with a banner in the web app. Admins can still log in with a password as needed.
- Because the SSO setup will log out all users and admins, it’s best to setup SAML when there are few users logged in. Whether it be before launch, or outside of business hours.
- Spoke offers just in time provisioning. This means that if a user logs into Spoke for the first time using SSO, an account will automatically be created.
Login to your Spoke account. Then navigate to Settings > SAML.
In a second tab, sign into the Okta Admin Dashboard. You will need to copy the following fields from Okta into Spoke.
- Sign on URL
- Public certificate:
Once you have pasted information into these fields, select "Test SAML Connection"
If everything has been filled in correctly, you will receive a message that your test has succeeded. To finish enabling SAML, click "Enable SAML"
Once enabled, all users will be logged out and need to log in using their Single Sign-on provider. Click "Yes, enable SAML and log out"
- Make sure that you entered the correct value in the Subdomain field under the General tab in Okta. Using the wrong value will prevent you from authenticating via SAML to Spoke.
- The following SAML attributes are supported:
- Go to: https://[your-subdomain].askspoke.com/login.
- Enter your email, then click the arrow icon:
- Click Log in with SSO: