Social Pinpoint

This how-to article does not cover how to set up Okta as an IdP. We assume you already have Okta setup and working with a table of users.

___________________________________________________________

Create a new SAML Application in Okta

From the Okta Admin console go to Applications &gt; Applications (<a href="https://yoursubdomain.okta.com/admin/apps/active" target="_blank" rel="nofollow noopener noreferrer">https://yoursubdomain.okta.com/admin/apps/active</a>)

Click the Add Application button in the top-left

Click the Create New App button in the top-right

Select SAML 2.0 for the Sign on method

1. From the Okta Admin console go to Applications &gt; Applications (<a href="https://yoursubdomain.okta.com/admin/apps/active" target="_blank" rel="nofollow noopener noreferrer">https://yoursubdomain.okta.com/admin/apps/active</a>)
2. Click the Add Application button in the top-left
3. Click the Create New App button in the top-right
4. Select SAML 2.0 for the Sign on method

Create a new Identity Provider in Social Pinpoint (new tab)

Navigate to Manage Account (/admin/manage)

Click the New Identity Provider (IdP) button in the top-right

Copy the values for ASSERTION CONSUMER SERVICE URL and ISSUER / ENTITY ID and save these for the next step

1. Navigate to Manage Account (/admin/manage)
2. Click the New Identity Provider (IdP) button in the top-right
3. Copy the values for ASSERTION CONSUMER SERVICE URL and ISSUER / ENTITY ID and save these for the next step
4. Leave this window open for the moment

Create SAML Integration (back in Okta)

Enter the value you saved for ASSERTION CONSUMER SERVICE URL in the Single sign on URL field

Enter the value you saved for ISSUER / ENTITY ID in the Audience URI (SP Entity ID) field

For the Application username field select email

Add an attribute called first_name with Name format Unspecified and value user.firstName (see screenshot for example setup) (only required if you wish to provision users)

Navigate to the Sign On tab and copy the link value for the link Identity Provider metadata (see screenshot for location of link)

1. Enter an App name
2. Click Next
3. Enter the value you saved for ASSERTION CONSUMER SERVICE URL in the Single sign on URL field
4. Enter the value you saved for ISSUER / ENTITY ID in the Audience URI (SP Entity ID) field
5. For the Application username field select email
6. Add an attribute called first_name with Name format Unspecified and value user.firstName (see screenshot for example setup) (only required if you wish to provision users)
7. Click the Next button
8. Continue until your app has been created
9. Navigate to the Sign On tab and copy the link value for the link Identity Provider metadata (see screenshot for location of link)

Enter metadata url in Social Pinpoint

Under the Identity Provider Configuration section select URL from the tab options

Paste the metadata url you got from the previous step and click Generate settings

1. Under the Identity Provider Configuration section select URL from the tab options
2. Paste the metadata url you got from the previous step and click Generate settings

(Optional) Set up attribute mapping

If you wish to provision users then you must at least provider first name from the IdP to SPP

Navigate to the FIRST NAME field under SAML Attributes and enter the value first_name (to match the value you entered in Okta)

1. Navigate to the FIRST NAME field under SAML Attributes and enter the value first_name (to match the value you entered in Okta)
2. Click Save in the bottom-left

Once you are happy with your settings you may enable your Identity Provider inside of Social Pinpoint.

Once enabled the a Single Sign-On button should appear on the sigh-in screen

Once you have assigned your users to this app then they will be able to sign in to Social Pinpoint with one-click