Okta SSO and Provisioning

🚧

Disclaimer

The integration with Okta via the SAML and SCIM protocols is currently under development and is not available to customers yet. Contact us at [email protected] to learn more.

To simplify user access to NeuraLegion, you can configure Single Sign-On (SSO) integration with your Okta application. Either the OIDC or SAML protocol can be used to enable Okta SSO.

You can also take advantage of the Okta provisioning feature to automatically synchronize users and groups between your Okta application and your NeuraLegion organization.

The provisioning integration is built around an industry-standard protocol known as SCIM (System for Cross-domain Identity Management). This protocol is designed for user management across multiple applications. It allows you to easily provision (add), deprovision (delete) and update (map) user data across multiple applications at once.

You can set up SCIM provisioning in Okta to automatically add the Okta application users and groups to your organization in the NeuraLegion App. The added users will be able to access the NeuraLegion App using Okta SSO.

NeuraLegion supports the following attribute mappings for SCIM provisioning:

  • userName
  • email
  • emailType
  • displayName

Enabling Okta SSO via OIDC Protocol

Features

Okta integration with NeuraLegion allows users to link their Okta accounts with their NeuraLegion accounts and sign in to the NeuraLegion App via Okta SSO, using the SP-initiated flow.

Requirements

The NeuraLegion integration with Okta is available to Pro and Enterprise users only. To learn how to upgrade your plan, please read Manage Your Plan.

Step-by-Step Configuration Guide

To enable Okta SSO for your NeuraLegion organization, follow these steps:

  1. Log in to Okta.
  2. Browse for the preconfigured NeuraLegion integration app in the Okta catalog and add it to your applications.
  3. When onboarding, in the General Settings tab, set your subdomain and click Next.
  4. In the Sign-On Options tab, select OpenID Connect.
  5. In the Credentials Details section, set the Application username format to Email, and then click Done.
    The NeuraLegion integration app is set up.
  6. In the Assignments tab, assign users to the app.
    The assigned users will then get SSO access to the NeuraLegion App.
  7. In the Sign On tab, get the credentials of the created app to authorize it in the NeuraLegion App:
    • Copy the client ID and client secret values.
    • Click OpenID Provider Metadata and copy its URL. The metadata URL format is https://{org_slug}.okta.com/.well-known/openid-configuration
  8. Log in to the NeuraLegion App.
  9. In the left pane, select the Organization option, and go to the ORGANIZATION SETTINGS section.
  10. From the Single sign on (SSO) Authentication drop-down list, select Okta, and then click Connect.
  11. On the OKTA AUTHENTICATION page, do the following:
    • Select the Default Role the new members will be assigned to.
    • Select the OIDC protocol.
    • Enter the Client ID, Client Secret and Metadata URL copied from the NeuraLegion integration app in Okta.
  12. Click Save settings.
    After Okta SSO is set up, an email is sent to all users of your NeuraLegion organization asking them to confirm their accounts and link their Okta profiles to their NeuraLegion profiles. Once the accounts are linked, the users can log in to the NeuraLegion App using the Okta SSO option.
  13. (Optional) You can enforce SSO registration by selecting the Require your organization members to use SSO to access NeuraLegion checkbox. When this option is selected, only the registered users (current members of a NeuraLegion organization) with existing SSO accounts can access the NeuraLegion App.

🚧

Important

If SSO is strictly enforced for all organization members, an SSO break will require resetting the connection. If that happens, please contact NeuraLegion technical support for assistance.

  1. On the login page of the NeuraLegion App, click Single Sign On (SSO).
  2. Enter your NeuraLegion organization name and click Continue.
  3. Select Sign in with Okta.
    You are redirected to the Okta login page.
  4. Enter your Okta credentials and click Sign In.
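
The Metadata URL copied from the Sign On tab can be checked against the format given above before it is entered in the NeuraLegion App. The following Python sketch is an added example, not NeuraLegion or Okta code; the sample document, the example-org slug and the name check_discovery are constructed for illustration, and requiring every endpoint to be on the same host as the metadata URL is an assumption.

```python
import json
from urllib.parse import urlparse

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample of a discovery document (placeholder organization slug).
SAMPLE_METADATA_URL = "https://example-org.okta.com" + WELL_KNOWN
SAMPLE_DOCUMENT = json.dumps({
    "issuer": "https://example-org.okta.com",
    "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys",
})


def check_discovery(metadata_url: str, document: str) -> list:
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    url = urlparse(metadata_url)
    if url.scheme != "https":
        problems.append("metadata URL is not https")
    # Format stated on the page: https://{org_slug}.okta.com/.well-known/...
    if not (url.hostname or "").endswith(".okta.com"):
        problems.append("metadata URL host is not {org_slug}.okta.com")
    if url.path != WELL_KNOWN:
        problems.append("metadata URL path is not " + WELL_KNOWN)
    doc = json.loads(document)
    # OIDC Discovery: the issuer in the document must match the URL it was fetched from.
    if doc.get("issuer") != f"{url.scheme}://{url.netloc}":
        problems.append("issuer does not match the metadata URL")
    for name in ENDPOINTS:
        endpoint = urlparse(doc.get(name) or "")
        # Assumption: all endpoints live on the same Okta host as the metadata URL.
        if endpoint.scheme != "https" or endpoint.hostname != url.hostname:
            problems.append(f"{name} is missing, not https, or on another host")
    return problems
```

Fetch the document from the metadata URL over HTTPS and pass its body as the second argument.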

Known Issues/Troubleshooting

Please contact our support team at [email protected] if you encounter any issues with NeuraLegion/Okta integration.

Enabling Okta SSO via SAML Protocol

Features

Okta integration with NeuraLegion allows users to link their Okta accounts with their NeuraLegion accounts and sign in to the NeuraLegion App via Okta SSO, using the SP-initiated flow.

Requirements

The NeuraLegion integration with Okta is available to Pro and Enterprise users only. To learn how to upgrade your plan, please read Manage Your Plan.

Step-by-Step Configuration Guide

To enable Okta SSO for your NeuraLegion organization, follow these steps:

  1. Log in to Okta.
  2. Browse for the preconfigured NeuraLegion integration app in the Okta catalog and add it to your applications.
  3. When onboarding, in the General Settings tab, set your subdomain and click Next.
  4. In the Sign-On Options tab, select SAML 2.0.
  5. In the Credentials Details section, set the Application username format to Email, and then click Done.
    The NeuraLegion integration app is set up.
  6. In the Assignments tab, assign users to the app.
    The assigned users will then get SSO access to the NeuraLegion App.
  7. In the Sign On tab, get the metadata of the created application to authorize it in the NeuraLegion App. To do this, click Identity Provider Metadata and copy its URL.
  8. Log in to the NeuraLegion App.
  9. In the left pane, select Organization, and go to the ORGANIZATION SETTINGS section.
  10. From the Single sign on (SSO) Authentication drop-down list, select Okta, and then click Connect.
  11. On the OKTA AUTHENTICATION page, do the following:
    • Select the Default Role the new members will be assigned to.
    • Select the SAML protocol.
    • Enter the Metadata URL copied from the NeuraLegion integration app in Okta.
  12. Click Save settings.
    After Okta SSO is set up, an email is sent to all users of your NeuraLegion organization asking them to confirm their accounts and link their Okta profiles to their NeuraLegion profiles. Once the accounts are linked, the users can log in to the NeuraLegion App using the Okta SSO option.
  13. (Optional) You can enforce SSO registration by selecting the Require your organization members to use SSO to access NeuraLegion checkbox. When this option is selected, only the registered users (current members of a NeuraLegion organization) with existing SSO accounts can access the NeuraLegion App.

🚧

Important

If SSO is strictly enforced for all organization members, an SSO break will require resetting the connection. If that happens, please contact NeuraLegion technical support for assistance.

  1. On the login page of the NeuraLegion App, click Single Sign On (SSO).
  2. Enter your NeuraLegion organization name and click Continue.
  3. Select Sign in with Okta.
    You are redirected to the Okta login page.
  4. Enter your Okta credentials and click Sign In.

Known Issues/Troubleshooting

Please contact our support team at [email protected] if you encounter any issues with NeuraLegion/Okta integration.

Enabling SCIM Provisioning between Okta and NeuraLegion

Features

The following provisioning features are currently supported by NeuraLegion:

  • Push New Users. Users created in Okta and assigned to the NeuraLegion integration application in Okta are automatically added as members to the linked organization in the NeuraLegion App.
  • Push Profile Updates. Updates made to the user's profile through Okta will be pushed to the NeuraLegion App.
  • Push User Deactivation. Deactivating the user or disabling the user's access to the NeuraLegion integration application through Okta will deactivate the user in the NeuraLegion App.
    Note: For the NeuraLegion integration application in Okta, deactivating a user means removing access to log in, but maintaining the user's NeuraLegion information as an inactive user.
  • Reactivate Users. User accounts can be reactivated for the NeuraLegion integration application in Okta.
  • Push Groups. Groups and their members in Okta can be pushed to the linked NeuraLegion organization.

Requirements

  • The NeuraLegion integration with Okta is available to Pro and Enterprise users only. To learn how to upgrade your plan, please read Manage Your Plan.
  • To configure the provisioning flow, first you need to enable Okta SSO for your NeuraLegion organization via the OIDC or SAML protocol. Please see the guides above for the detailed instructions.
  • For the provisioning setup, you need to create an organization API key or a personal API key with the scim scope and copy its value.

Step-by-Step Configuration Guide

Provisioning Setup in the NeuraLegion App

  1. In the ORGANIZATION SETTINGS, select the option Sync the group & users from your SSO provider to NeuraLegion.
  2. Create an organization API key or a personal API key with the scim scope and copy its value.

Provisioning Setup in Okta

  1. In your NeuraLegion integration app, open the Provisioning tab and click Configure API integration.
  2. Select the Enable API integration checkbox, and then enter the API token copied from the NeuraLegion App.
  3. Click Save.
  4. In the Provisioning to App section, enable the provisioning options you will need by selecting the relevant checkboxes, and then click Save.
    The provisioning setup is completed.

User Provisioning

Once you complete the provisioning setup, every new user assigned to the NeuraLegion integration app will be automatically added to the relevant NeuraLegion organization.
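
How the supported attribute mappings and the Push User Deactivation behaviour look at the SCIM 2.0 message level, as an added Python example that is not NeuraLegion's or Okta's code. The payloads are constructed samples; the function names map_user and apply_patch, and taking email and emailType from the primary entry of emails, are assumptions.

```python
USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
PATCH_SCHEMA = "urn:ietf:params:scim:api:messages:2.0:PatchOp"

# Constructed sample payloads (not captured traffic).
CREATE_USER = {
    "schemas": [USER_SCHEMA],
    "userName": "jane.doe@example.com",
    "displayName": "Jane Doe",
    "name": {"givenName": "Jane", "familyName": "Doe"},  # not in the mapped set
    "emails": [{"value": "jane.doe@example.com", "type": "work", "primary": True}],
    "active": True,
}
DEACTIVATE = {
    "schemas": [PATCH_SCHEMA],
    "Operations": [{"op": "replace", "value": {"active": False}}],
}


def map_user(resource: dict) -> dict:
    """Keep only the four mapped attributes plus the core 'active' flag."""
    if USER_SCHEMA not in resource.get("schemas", []):
        raise ValueError("not a SCIM 2.0 User resource")
    emails = resource.get("emails") or [{}]
    # Assumption: email and emailType come from the primary emails entry.
    primary = next((e for e in emails if e.get("primary")), emails[0])
    return {
        "userName": resource["userName"],
        "email": primary.get("value"),
        "emailType": primary.get("type"),
        "displayName": resource.get("displayName"),
        "active": resource.get("active", True),
    }


def apply_patch(member: dict, patch: dict) -> dict:
    """Apply 'replace' operations; attributes outside the mapped set are ignored."""
    if PATCH_SCHEMA not in patch.get("schemas", []):
        raise ValueError("not a SCIM 2.0 PatchOp message")
    updated = dict(member)  # the stored record is kept, only flags change
    for op in patch.get("Operations", []):
        if op.get("op", "").lower() != "replace":
            continue
        value = {op["path"]: op["value"]} if "path" in op else op["value"]
        updated.update({k: v for k, v in value.items() if k in member})
    return updated
```

Deactivation leaves the member record in place with active set to False, which matches the note that an inactive user's information is maintained.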

Group Provisioning

Groups are provisioned from Okta to the NeuraLegion App only when you push each group manually.

To push a group to your NeuraLegion organization, follow these steps:

  1. Assign the group you want to push to the NeuraLegion integration app.
  2. In the Push Groups tab, click Push Groups.
  3. Select the group you want to push to your NeuraLegion organization and click Save.

If you need to deprovision a group from your NeuraLegion organization, delete the group from the NeuraLegion integration application in Okta, and then unlink this group in the Push Groups tab.

Known Issues/Troubleshooting

NeuraLegion does not support special symbols in userName. If the userName of an Okta user contains special symbols, they will be sanitized when signing in to a NeuraLegion organization via SSO. For example, “#John Do`e¥” will be signed in to NeuraLegion as “John Doe”.

Please contact our support team at [email protected] if you encounter any issues with NeuraLegion/Okta integration.

