This article outlines the steps needed to enable Single Sign On (SSO) between Share911 and OKTA via SAML 2.0. SSO integration means that staff will not need to set a password in the Share911 system in order to log in. Rather they will be able to use their existing network password and authenticate with your organization's existing OKTA system to gain access to Share911.
You will need to have one user already created in Share911 with Manage Channel permissions on the top-level channel.
- Log in to OKTA administrator account
- Click the "Admin" button in top right
- Click "Applications" tab
- Add Application
- Create new App
- Platform: Web
- Sign on method: SAML 2.0
- App name: Share911
- Click "Next"
- Switch to new browser window/tab
- Log in to https://share911.com/ with your admin account
- Select the top-level channel for your organization
- User Menu -> Manage Channel -> Integrations
- SSO with SAML 2.0
- Type "https://share911.com" as the Issuer
- Copy the "Share911 Assertion Consumer Service URL"
- Switch back to OKTA
- SAML Settings
- Single sign on URL:
- "Use this for Recipient URL and Destination URL" should be checked
- Audience URI: Enter "https://share911.com"
- Default RelayState:
- Name ID Format: EmailAddress
- Application Username: Email
- Click "Next"
- Help Okta support...
- Are you a customer or partner?: I'm an Okta customer adding an internal app
- Click "Finish" (You should be redirected to the Share911 app you just created)
- Sign On Methods
- Click the "Identity Provider metadata" link, which opens a new tab
- Copy the URL from this new tab
- Switch back to Share911 browser tab (You should be on the Manage Channel -> Integrations page)
- Paste the "Identity Provider metadata" URL into the "Metadata URL" field
- Check the "Enable Integration?" check box at the top
- Switch back to Okta browser tab
- Click the Assignments tab
- Click "Assign" -> "Assign to Group" and select or enter your group for all users
- Share911 - OKTA SSO SAML integration is complete. Users who have an existing Share911 account will be able to use SAML to log in to Share911 (User accounts will be sync'd via SCIM with Okta)