Single Sign-On (SSO) is a great way to improve the security and user experience for your Keepabl account – and Okta is one of our supported Identity Providers, or IdPs.
We’ve prepared this guide so that you can get SSO up and running with Okta as your IdP for Keepabl. For more information, please see our detailed Admin Guide to SSO & Keepabl.
Please note, you need to be the Super Admin in your Keepabl account to set up SSO in Keepabl.
The following provisioning features are supported with Okta as your IdP:
To protect the Security of your Keepabl account and to respect least privilege access practices, any new user assigned to Keepabl in an IdP is created in Keepabl with a ‘blank account’ with no access rights: they’ll see nothing when they login to Keepabl. You can then go to your Admin Portal in Keepabl and give them the exact, tailored access rights appropriate for their role.
Now let’s run through the simple steps to use Okta as your IdP for Keepabl.
First log into Keepabl and go to Admin Portal > Your Organisation, where you’ll see the Single Sign-On (SSO) section. Click on the Setup Identity Provider button:
You will be taken to the SSO Setup page, where, once you select Okta as your provider, you will see your Base URL, Audience URI (SP Entity ID) and API Token. You will need to enter these into your Okta account.
Next, log into your Okta account:
Then enable Provisioning by clicking the Configure API Integration button:
Enter your Base URL and API Token from Keepabl into the relevant fields and click Save:
Now select To App in the left-hand panel, and enable the Provisioning Features you want and click Save. To benefit from the features supported at the top of this page, we recommend ticking the 3 boxes for Create, Update and Deactivate, as shown below:
Now you just need your Entity ID, SSO Login URL and X509 Certificate from Okta to put into Keepabl. To get these within Okta, click on the Sign On tab and then the View Setup Instruction button, as shown below:
This will open the setup instructions and you will see your Entity ID and SSO Login URL and you can download your X509 Certificate. We’ll now go and enter these into Keepabl.
Go back to Keepabl’s Set up SSO page, where you’ve already chosen Okta as your provider, and:
Congratulations! You’ve now set up Okta as your IdP and can now assign people to Keepabl in Okta.
Please reach out to us at firstname.lastname@example.org if you have any issues.