Setting up Single Sign-On with Okta

If you're using Okta, you can set up a Single Sign-On (SSO) integration with Genius using SAML 2.0.

To do this you'll need to start by setting up a new application in Okta:

  1. Log in to the Okta Admin area
  2. Go to Applications on the left sidebar
  3. Create App Integration
  4. Choose SAML 2.0
  5. On the General Settings step of the Create SAML Integration screen, give your integration to Genius a name - we would suggest AVOXI Genius. You can also (optionally) upload a logo for Genius at this point.
  6. On the Configure SAML step of the Create SAML Integration screen, enter the following:
    1. Single sign-on URL: https://genius.avoxi.com/api/v1/auth/saml/consume
    2. Audience URI (SP Entity ID): https://genius.avoxi.com
    3. Name ID format: EmailAddress
    4. Application username: Email
    5. Update application username on: Create and Update
    6. Also check in the advanced settings that Response and Assertion Signature are both set to Signed
  7. Proceed to the Feedback step of the Create SAML Integration screen and choose:
    1. I'm an Okta customer adding an internal app
    2. This is an internal app that we have created
  8. Once you finish creating the SAML integration, you will be brought to the new AVOXI Genius app you've created in Okta. At this point, copy the Metadata URL, as you will need to enter it into Genius later. Before you go to Genius, however, go to the Assignments tab and add some users or groups to the AVOXI Genius app (these are the users or groups which will be allowed to log in to Genius via SSO).

 

  9. Genius Setup: To set this integration up in Genius, go through the following steps:
    1. An Administrator must navigate to Home → Settings → Security Controls. From here you will see the Login Settings section. In this section, update the dropdown for Single Sign-On (SSO) to SAML and fill in the following details before clicking Save:
    2. Login Button Label
      1. Optional - This is the text that will show on the Sign in with SSO button. Maximum 30 characters. If no text is provided, the button will display “Sign in with SSO”.
      2. Note: See the section on Account Login below for how to set up automatic forwarding to SSO so your users will not need to click a Sign in with SSO button.
    3. Metadata URL
      1. Required - This is the Okta metadata URL that you copied in step 8 above. Paste it into the Metadata URL field and click Save.
    4. Login URL
      1. Optional - This is your identity provider's login URL. You can leave it blank if you supplied the Metadata URL above.
      2. E.g. this is the location the browser is redirected to so your users can sign in. For Okta, this might be [yourorganization].okta.com. You can sign in to the Okta Admin Dashboard to generate this URL.
    5. SAML Signing Certificate
      1. Optional - This is the PEM Text format x509 Certificate from your identity provider. You can leave it blank if you supplied the Metadata URL above.
      2. IMPORTANT: Please remove the BEGIN CERTIFICATE and END CERTIFICATE lines and provide your certificate as a single line in this text box.
      3. E.g. for Okta, you can sign in to the Okta Admin Dashboard to generate the x509 Certificate in PEM Text Format.
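
As an added example (not AVOXI or Okta code), this Python script reads an identity provider metadata document and derives the Login URL and the single-line SAML Signing Certificate that the fields above ask for, along with a SHA-256 fingerprint you can compare against the certificate downloaded from your identity provider. The sample metadata, the placeholder certificate bytes and the example.okta.com URL are constructed, and mapping the Login URL field to the HTTP-Redirect endpoint is an assumption.

```python
import base64, hashlib, re, textwrap
import xml.etree.ElementTree as ET  # fine for your own IdP's file; prefer defusedxml for untrusted XML

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

def pem_to_single_line(pem: str) -> str:
    """Strip BEGIN/END CERTIFICATE lines and all whitespace; reject a corrupt paste."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem)
    one_line = "".join(body.split())
    if not one_line:
        raise ValueError("empty certificate")
    base64.b64decode(one_line, validate=True)  # raises binascii.Error (a ValueError) on stray characters
    return one_line

def read_idp_metadata(xml_text: str) -> dict:
    """Return the values the SSO form asks for, taken from IdP metadata."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: this is not IdP metadata")
    certs = [pem_to_single_line(c.text or "")
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")  # a key with no 'use' serves signing too
             for c in kd.iterfind(".//ds:X509Certificate", NS)]
    if not certs:
        raise ValueError("metadata carries no signing certificate")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    login_url = sso.get(REDIRECT, "")  # assumption: Login URL = HTTP-Redirect endpoint
    if not login_url.startswith("https://"):
        raise ValueError("missing or non-HTTPS SingleSignOnService location")
    return {"entity_id": root.get("entityID"), "login_url": login_url, "certificate": certs[0],
            "sha256": hashlib.sha256(base64.b64decode(certs[0])).hexdigest()}

# Constructed sample: placeholder bytes stand in for a real DER certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"CONSTRUCTED PLACEHOLDER, NOT A REAL CERTIFICATE " * 4).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{textwrap.fill(SAMPLE_CERT_B64, 64)}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="http://www.okta.com/EXAMPLE">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo xmlns:ds="{NS['ds']}"><ds:X509Data>
   <ds:X509Certificate>{textwrap.fill(SAMPLE_CERT_B64, 64)}</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="{REDIRECT}" Location="https://example.okta.com/app/EXAMPLE/sso/saml"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(read_idp_metadata(SAMPLE_METADATA))
```

To use it on real data, save the document behind your Metadata URL to a file and pass its text to `read_idp_metadata`, or pass a downloaded PEM certificate to `pem_to_single_line`.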

 

Once set up to sign in via SAML, your users will be able to sign in to Genius with their credentials from their company account. Please make sure the email for their user in Genius matches the email on their company account or the user may encounter errors when logging in.

 

Account Login

If you want your users to be automatically forwarded to log in with SSO (so they do not need to click a “Login with SSO” button), you'll need to turn off Account Login.

Account Login is the ability to log in with your old AVOXI Genius credentials, with the password managed through AVOXI. Once SSO is enabled, ideally you should turn off Account Login, as that will automatically forward your users to sign in with your SSO provider when they attempt to log in.

You may want to leave Account Login enabled if you use additional accounts which are not directly tied to a user. These might be things like Administrative accounts or Integration accounts which are not representative of a specific person.

 
