Follow the instructions below to allow your users to sign into Sigstr with Okta.
In Okta’s admin portal, create an app for Sigstr.
In the sign-on settings, do the following:
- Make sure that the Single sign on URL field is pointed to: https://app.sigstr.com/saml/callback
- Check the box for Use this for Recipient URL and Destination URL.
- Make sure the NameID Format is EmailAddress.
- Create an attribute statement of Email with value user:email.
In the Configure SAML step, click "Show Advanced Settings" in the bottom right corner. Ensure that the "Authentication context class" is set to X.509 Certificate.
On the right-hand side of the page, click "Download Okta Certificate" and send the file to email@example.com requesting SAML SSO.
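One way to sanity-check the settings above against a SAML response produced by the Okta app, as an added example (not Sigstr's or Okta's code). It only compares fields, it does not verify the signature, and the function names, the sample response and the NameID/Email comparison are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://app.sigstr.com/saml/callback"  # Single sign on URL from the steps above
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
X509_CLASS = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

def check_response(xml_text):
    """Return the settings in the response that do not match the steps above."""
    root = ET.fromstring(xml_text)  # only parse XML you obtained from your own Okta tenant
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination URL")
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL:
        problems.append("Recipient URL")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format")
    ctx = root.find(".//saml:AuthnContextClassRef", NS)
    if ctx is None or (ctx.text or "").strip() != X509_CLASS:
        problems.append("Authentication context class")
    email = root.find(".//saml:Attribute[@Name='Email']/saml:AttributeValue", NS)
    if email is None or not (email.text or "").strip():
        problems.append("Email attribute statement")
    # Assumed extra check (not a documented Sigstr rule): flags an alternate address in NameID.
    elif name_id is not None and (name_id.text or "").strip().lower() != email.text.strip().lower():
        problems.append("NameID differs from Email attribute")
    return problems

def sample(dest=ACS_URL, ctx=X509_CLASS, name_id="user@example.com"):
    """Constructed, unsigned sample response for illustration only."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{dest}">
 <saml:Assertion><saml:Subject>
   <saml:NameID Format="{EMAIL_FORMAT}">{name_id}</saml:NameID>
   <saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS_URL}"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:AuthnStatement><saml:AuthnContext><saml:AuthnContextClassRef>{ctx}</saml:AuthnContextClassRef></saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement><saml:Attribute Name="Email"><saml:AttributeValue>user@example.com</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(sample()))
```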
- Can we disable users from logging into Sigstr with a username and password? That way they can only log in via SAML or O365? Yes, if this is a requirement for your business, please contact firstname.lastname@example.org to enable this feature. If a user attempts to log in with any method other than SAML, Sigstr will reject the login and instruct the user to use their identity provider.
- Does signing in from Okta create a new user? Yes and no. If the user already exists in Sigstr, they can be assigned Sigstr in Okta and will be able to log in to the app to edit their profile. If that user does not exist yet in Sigstr, signing into Sigstr will create the user without any signature fields.
- If new users are created in Sigstr from Okta, will the fields from their Okta profiles sync to Sigstr? No. At this time, we do not map fields from Okta to Sigstr. Users would need to fill in their missing signature data upon logging into Sigstr. Alternatively, if your company is using the Employee Automation API, users would just need to wait for the data to be pulled automatically.
- What if a user signs in with an alternate email from Okta? Users who sign in from Okta with an alternate email address will have a new user automatically created within Sigstr. Okta currently does not have the capacity to recognize our primary_email and alternate_email. If any user exists in Okta and needs to sign into Sigstr, you will want to ensure that his/her primary email address in Okta matches his/her primary email address in Sigstr.