Single sign-on (SSO) is a user authentication tool that enables users to securely access applications and services using just one trusted set of credentials. OptinMonster’s Okta integration provides your business additional layers of controlling access to your OptinMonster account.
Create a new application called OptinMonster
Once logged in to the Okta admin, navigate to the Applications page using the sidebar on the left.
Click the Create App Integration button.
In the resulting pop-up select SAML 2.0 and click Next.
On the Create SAML Integration page, enter the following:
*Any setting not directly addressed is optional.
General Settings
App name: OptinMonster
App logo: You can download our Press Kit here — For best results, use the Logos/Web/Logo/logo-color-medium.png
file. This logo will help identify to your users that they are logging into OptinMonster via Okta.
Click Next.
Configure SAML
The <slug> referenced below will be provided as part of the setup with support.
Single Sign On URL: https://app.optinmonster.com/saml/sso/<slug>/
Ensure “Use this for Recipient URL and Destination URL” is checked
Audience URI: https://app.optinmonster.com/saml/sso/<slug>/
Default RelayState: no value
Name ID Format: EmailAddress
Application Username: Email
Click Next.
Feedback
Are you a customer or partner?: Select “I’m an Okta customer adding an internal app”
App type: Check “This is an internal app that we have created”
Click Finish.
Once finished, you should be directed to your new application’s page.
(Optional) Setup Multifactor Authentication (MFA)
If you would like to implement MFA/2FA with this Okta SSO setup, you will need to first ensure MFA methods are setup for your organization, and that in your policy, they are set as required. Configuring these settings is outside the scope of OptinMonster support. Please see Okta’s guides for implementing MFA below:
- https://www.okta.com/resources/whitepaper-multi-factor-authentication-deployment-guide/
- https://developer.okta.com/docs/guides/mfa/-/main/
To ensure this SSO SAML 2.0 Application implements your MFA methods, you will need to add a new Sign On Policy Rule.
- On the application page, click on the Sign On tab
- Scroll down to the Sign On Policy section
- Click on the Add Rule button
- Give the rule a name, e.g. SSO MFA
- For most of these settings, select the values most fitting for your application
- Ensure the Prompt for factor is checked, and select the frequency for the prompt
- Click Save
Collect and Send Application Information
To complete your setup, we need you to collect the following information for your app and send to [email protected].
- On the application page, click on the Sign On tab
- In the sidebar, click on the View SAML setup instructions button
- A new tab should open titled How to Configure SAML 2.0 for OptinMonster Application.
- On this screen you should be presented with the following:
– Identity Provider Single Sign-On URL
– Identity Provider Issuer
– X.509 Certificate
We suggest using https://onetimesecret.com to share this information with OptinMonster support.
Once we’ve received the information above, we will complete the integration for your account and let you know when it is complete.
To test the completed OptinMonster Okta integration, visit your Okta account and click on the OptinMonster application. You should be immediately logged in through your Okta credentials. Alternatively, if any user logs in with an email ending with your configured domain, they will be redirected to the SSO login.