Configuring single sign-on (SSO) on your gifting platform will enable you to give your team a one-click login experience, using an SSO provider like Okta.
The &Open platform offers just-in-time (JIT) creation of user accounts, so once your SSO provider is configured, your users won’t have to register new accounts or manage passwords to get access. They’ll simply press the login button for your chosen SSO provider to gain access.
Setting up an app
To get started, within the Okta application, navigate to “Applications -> Applications” in the sidebar and then press the “Create App Integration” button.
You’ll be asked which type of integration you want to create — choose “SAML 2.0” as the type of integration.
We’ll now name the app and give it an icon. Call it “&Open Gifts”, or anything else you like, and upload a logo — you can use this one.
SAML Settings
Next we’ll do the technical configuration. When you press Next, you’ll be presented with a form like this:
To configure your application, you’ll just need your &Open account URL, which is provided during sign up by your Customer Success Manager. This is where your users go to send gifts, and it typically takes the form https://companyname.andopen.co.
Set the Single sign-on URL to be https://yourcompany.andopen.co/saml/acs, and tick the box for “Use this for Recipient URL and Destination URL”, and set the “Audience URI (SP Entity ID)” to be https://yourcompany.andopen.co/saml/metadata.
Leave “Default RelayState” blank, and set “Name ID format” to “EmailAddress”. Set Application username to “Okta username”.
Finally, you just need to set up the user details that will be passed with your users so that we can create user accounts for them when they log in. Configure “Attribute Statements” like this:
Name | Value |
first_name | |
last_name | |
| |
It should look like this when you’re finished:
And you’re done! The last step is to grab your newly-generated “metadata URL”. Access this under the “Sign On” tab, and scroll down to “Metadata details”.
Copy this URL and pass this back to your &Open Customer Success Manager, who will organise getting your SSO configuration live on your account.
Giving Access
Assign access to your new App Integration to whichever groups in your company should be able to use the &Open gifting platform, and enable it on their dashboard for easy access.
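To confirm the SAML settings above took effect, you can inspect a SAML response from a test login and compare its fields with what this guide configures. The script below is an added example, not code from &Open or Okta; the function name, the sample user and the sample XML are constructed for illustration, and it only compares field values (it does not verify the response signature).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_assertion(xml_text, account_url):
    """Return a list of mismatches between a SAML response and the settings above."""
    base = account_url.rstrip("/")
    acs, audience = base + "/saml/acs", base + "/saml/metadata"
    root = ET.fromstring(xml_text)  # local inspection only; no signature check
    problems = []

    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: expected {wanted!r}, got {actual!r}")

    # "Use this for Recipient URL and Destination URL" means both equal the ACS URL.
    expect("Destination", root.get("Destination"), acs)
    conf = root.find(".//a:SubjectConfirmationData", NS)
    expect("Recipient", conf.get("Recipient") if conf is not None else None, acs)
    aud = root.find(".//a:AudienceRestriction/a:Audience", NS)
    expect("Audience", aud.text.strip() if aud is not None and aud.text else None, audience)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    expect("NameID Format", name_id.get("Format") if name_id is not None else None, EMAIL_FORMAT)
    # JIT account creation relies on the attribute statements being present and non-empty.
    attrs = {}
    for attr in root.iterfind(".//a:AttributeStatement/a:Attribute", NS):
        value = attr.find("a:AttributeValue", NS)
        attrs[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    for name in ("first_name", "last_name"):
        if not attrs.get(name):
            problems.append(f"attribute {name!r} missing or empty")
    return problems

# Constructed sample (unsigned, trimmed); not a capture from Okta or &Open.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://yourcompany.andopen.co/saml/acs"><a:Assertion>
<a:Subject><a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">ada@example.com</a:NameID>
<a:SubjectConfirmation><a:SubjectConfirmationData Recipient="https://yourcompany.andopen.co/saml/acs"/></a:SubjectConfirmation></a:Subject>
<a:Conditions><a:AudienceRestriction><a:Audience>https://yourcompany.andopen.co/saml/metadata</a:Audience></a:AudienceRestriction></a:Conditions>
<a:AttributeStatement><a:Attribute Name="first_name"><a:AttributeValue>Ada</a:AttributeValue></a:Attribute>
<a:Attribute Name="last_name"><a:AttributeValue>Lovelace</a:AttributeValue></a:Attribute></a:AttributeStatement>
</a:Assertion></p:Response>"""

if __name__ == "__main__":
    print(check_assertion(SAMPLE, "https://yourcompany.andopen.co") or "all fields match")
```

An empty list means the Destination, Recipient, Audience, Name ID format and the two named attributes all match the values set in this guide.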