Human Managed uses Okta as our identity provider (IDP) to deliver authenticated user profile data to downstream applications.
This article covers how to set up SAML-based single sign-on (SSO) on Google to give your users access to Human Managed. When you integrate Google with Human Managed's Okta app, you can:
- Enable your users to be authenticated for Human Managed apps with their Google accounts
- Manage your member accounts from the Okta enterprise app in Google
- Reduce administrative effort such as password creation
Before you begin
You need the following to integrate Google with Okta:
- Okta Developer Edition organization
- An OpenID Connect (OIDC) app integration in Okta for the app that you want to add authentication to. You can create a new OIDC app integration or use an existing one.
- An account with Google
Step 1: Create a service request ticket to set up SAML SSO
- Submit a request
- In the Subject, type or select Enable SAML SSO with Google
Step 2: Create the Okta enterprise app in Google
At Google, create the client application that you want to use for authenticating and authorizing your users.
- Make sure that you can access the Google Developers Console.
- Create a Google project using these instructions.
- In the Authorized redirect URIs section of the creation wizard, click ADD URI to add the Okta redirect URI for your app integration.
- Paste your redirect URI into the text box.
  The redirect URI is the location where the Identity Provider (IdP) sends the authentication response (the access token and the ID token). The URI sent in the authorize request from the client needs to match the redirect URI set at the IdP. The URI needs to be located in a secure domain that you own. This URI has the same structure for most Identity Providers in Okta and is constructed using your Okta subdomain and the callback endpoint.
  For example, if your Okta subdomain is called company, then the URL would be: https://company.okta.com/oauth2/v1/authorize/callback. If you have configured a custom domain in your Okta Org, use that value to construct your redirect URI, such as https://login.company.com/oauth2/v1/authorize/callback. Include all base domains (Okta domain and custom domain) that your users will interact with in the allowed redirect URI list.
- Save the generated Client ID and Client Secret values so that you can add them to your Okta configuration.
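A check you can run on the Authorized redirect URIs list before saving it, as an added example that is not part of the original article or Human Managed's tooling: it builds the expected redirect URI for each base domain and reports entries that would not match exactly, plus any base domain that is missing. The function names and the sample list are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Callback endpoint as given in the article's example URLs.
CALLBACK_PATH = "/oauth2/v1/authorize/callback"


def expected_redirect_uris(okta_subdomain, custom_domains=()):
    """Build one redirect URI per base domain (Okta domain plus custom domains)."""
    hosts = [f"{okta_subdomain}.okta.com", *custom_domains]
    return [f"https://{host.lower()}{CALLBACK_PATH}" for host in hosts]


def audit_redirect_uris(configured, okta_subdomain, custom_domains=()):
    """Return (problems, missing) for the URIs registered at Google.

    problems maps each URI that is not an exact expected value to a reason;
    missing lists expected URIs that were never registered.
    """
    expected = expected_redirect_uris(okta_subdomain, custom_domains)
    allowed_hosts = {urlsplit(uri).hostname for uri in expected}
    problems = {}
    for uri in configured:
        if uri in expected:  # the redirect URI has to match exactly
            continue
        parts = urlsplit(uri)
        if parts.scheme != "https":
            problems[uri] = "scheme is not https"
        elif parts.path != CALLBACK_PATH:
            problems[uri] = "path is not the callback endpoint"
        elif parts.hostname not in allowed_hosts:
            problems[uri] = "host is not one of your base domains"
        else:
            problems[uri] = "not an exact match (port, userinfo, query or case)"
    missing = [uri for uri in expected if uri not in configured]
    return problems, missing


# Constructed sample list, not taken from any real configuration.
SAMPLE = [
    "https://company.okta.com/oauth2/v1/authorize/callback",
    "http://login.company.com/oauth2/v1/authorize/callback",
    "https://company.okta.com/oauth2/v1/authorize/callback/",
    "https://company.okta.com.example.net/oauth2/v1/authorize/callback",
]

if __name__ == "__main__":
    found, absent = audit_redirect_uris(SAMPLE, "company", ["login.company.com"])
    for uri, reason in found.items():
        print(f"REJECT  {uri}: {reason}")
    for uri in absent:
        print(f"MISSING {uri}")
```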
Step 3: Test the Google integration
When Human Managed completes the integration with Google, you will receive a notification that the service request has been fulfilled by Human Managed.
Now, you can test the integration to confirm that Google can communicate with Human Managed's Okta.
- Open the HMApps portal (https://identity.hm.works/).
- Sign in using your Google account.
- If successful, the Human Managed Apps (HMApps) Dashboard appears with all applications you have access to. If applications have not been assigned, no applications appear on the dashboard.
- The service request is fulfilled and will auto-close when there are no more questions or communication from you.
What to expect after SSO is enabled
Any members already signed in when SSO is enabled will remain signed in. Going forward, all members will sign up and sign in to Human Managed with their IdP account. If you chose to require SSO, your members will see a sign-in page before they can access any of the subscribed Human Managed applications.