For more details on available features in other plans, click here.
Terms to Know
- Identity Provider - The tool that your team uses to provide Single Sign-On functionality. For this article, we'll be exploring a setup process for Okta.
- Metadata - Typically an XML file which tells the tools involved with handling your login process how to complete and validate the requests.
- Enforced SAML/SSO - A setting which specifies SAML/SSO as the primary login method for all users on your team and default login method for all new users.
As an Account Admin on a Professional or Enterprise plan, you have the option to setup single sign-on authentication method for your team. In the following article, we will explore how you can quickly and smoothly setup Okta as your team's SAML/SSO authentication method.
Setting Up Single Sign-On with Okta
Step 1 - Getting Started in Okta
- From your Okta homepage, click on the Applications menu.
- On the page that appears, select the blue Browse App Catalog button under the big Applications title.
- In the Browse App Integration Catalog repository, type "Roadmunk" into the search bar at the top of the page.
- Select the first option, which should be labelled as Roadmunk and should be marked with both SAML and SWA on the right-hand reference list.
- In the Roadmunk application page, select the blue Add button at the top of the left-hand details column to navigate into the setup workflow.
Step 2 - Set up the Roadmunk Application Settings in Okta
- When the setup workflow begins, you'll land on a General Settings page.
- In the General Settings page, uncheck the option for Automatically login when user lands on login page. Since Roadmunk uses a two-step login process, this option may not always work as expected.
- Before clicking Next, you should have both boxes unchecked. Once confirmed, click Next to continue the setup process.
Step 3 - Defining Sign-On Options in Okta
- After clicking Next, you should land on the Sign-On Options page.
- Under Sign-On Methods, we're going to select SAML 2.0 to reveal the SAML options.
- In the yellow notice below the setup panel, you should see a link to your IdP Metadata XML file. Click on this link to open your metadata file in a new tab.
- Once loaded, copy the page URL for your IdP Metadata XML file.
- Important Note: Please leave this page on Okta open in another tab or window before moving on to Step 4 below.
Step 4 - Getting Setup in Roadmunk
- In Roadmunk, click on your avatar in the bottom left corner and navigate to Account Settings.
- In the Account Settings menu, click on the Company tab.
- Locate the SAML/Single Sign-On (SSO) option at the bottom of the tab and click to toggle it on.
- In the menu options that appear, select Enter your IdP XML URL in Step 1 and paste the IdP Metadata file URL that we copied in Step 3. Once pasted, select the Save URL option.
- Saving the URL should generate a Service Provider (SP) Metadata XML file under Step 2. Select the Copy URL button to copy this file's location to the clipboard.
Step 5 - Finalizing the Setup in Okta
- Navigating back into Okta, scroll down to the Advanced Sign-On Settings section of the page.
- In the Metadata URL field, we're going to paste the SP Metadata file that we copied in Step 4.
- In the Credentials Details section below, select the Email option in the Application user Format drop-down menu.
- Clicking on the blue Done button a the bottom will save these settings.
Step 6 - Assign Users to the Roadmunk Application
- Once the settings are saved, you will be taken to the application's assignments page.
- Users and Groups in your organization can be assigned to this application by clicking the blue Assign button in the top-left corner. You could choose to either assign to individual users or groups.
- Once you are on the Assign Roadmunk to People screen, you can assign the corresponding users to the application by clicking the blue Assign button, then click the blue Done to save the changes.
Step 7 - Finalizing the Roadmunk Setup
- Navigating back to Roadmunk, head into the Account Settings menu once more.
- Click into the Company tab again
- Under Authentication Settings, navigate to Default Authentication Method and change it from Password to SAML2.
- Scroll down to the bottom of the page, you will have the option to decide if you would like to check either box of
- Enforce SAML Protection on Published Roadmaps: With this checked, all of the URLs your account publishes will be protected by SAML.
- Enforce SAML Sign-In Only: Users on your account will only be able to login using SAML. Please be careful with this option as you will not be able to easily uncheck this option.
- Click the blue Save button to save all the changes.
- There will be an automatic pop-up window, click the blue Create SAML Login button.
- You will be redirected to login through Okta.
- Once you have successfully signed in, you would see the Success window indicating the successful attachment of SAML.
Enabling Multi-Factor Authentication with Okta Single Sign-On
Okta supports a number of additional authentication layers which can help to provide an extra level of security for you and your team. A great guide on setting up app-level multi-factor authentication in Okta can be found here on Okta's Help Center and easily applied to your team's Roadmunk app.