Okta SSO Setup

Superblocks single sign-on (SSO) with Okta lets your team seamlessly authenticate and access Superblocks using their Okta credentials. This guide walks through how to configure single sign-on for Superblocks.

Prerequisites

To set up SSO for your organization, you'll need:

  • An Okta account
  • A user account with App Admin access
  • A Superblocks organization on the Enterprise plan

Setup Okta

Set up single sign-on for Okta by creating either a custom SAML or OIDC application. For full details, see Okta's guides for how to:

Info: For the fastest setup, create an OIDC integration.

If you plan on using SCIM for user provisioning and group management, we recommend creating a SAML integration. Learn more about Managing users and groups with SCIM.

Create an OIDC integration

  1. Log in to Okta and go to the Admin Console

  2. Navigate to Applications > Applications

  3. Click Create App Integration

  4. Select OIDC - OpenID Connect as the Sign-on method

  5. Select Web Application as the Application type and click Next

  6. Configure the following settings for your application

    Name: Superblocks, or a custom name you want users to see on their application dashboard.
    Grant type: Implicit (hybrid)
    Sign-in redirect URIs: https://login.superblocks.com/login/callback
    Sign-out redirect URIs: https://app.superblocks.com/logout
    Assignments: Your desired settings for who can access Superblocks.
  7. Click Save. You'll be brought to the General tab of your new application. Stay on this tab and continue to find out what info to send to Superblocks.

Create a SAML integration

  1. Log in to Okta and go to the Admin Console

  2. Navigate to Applications > Applications

  3. Click Create App Integration

  4. Select SAML 2.0 as the Sign-on method

  5. Provide the general information for the integration and click Next

  6. Enter the following information into SAML Settings > General

    Single sign-on URL: https://login.superblocks.com/login/callback?connection=<CompanyName>-SAML
    Audience URI: urn:auth0:superblocks-prod:<CompanyName>-SAML
    Name ID format: EmailAddress
    Application username: Email

    Caution: Replace <CompanyName> with your company’s name. Remove all spaces and special characters from the name. If your company name is multiple words, capitalize the first letter of each word.

    For example, the company River Bank Technologies would become RiverBankTechnologies

  7. Configure the following attributes in SAML Settings > Attribute Statements

    Name        Name format   Value
    email       Unspecified   user.email
    givenname   Unspecified   user.firstName
    surname     Unspecified   user.lastName
  8. Click Next and fill out the Okta feedback form, then click Finish.

  9. You'll be brought to the Sign on tab of your new application. Click View Setup Instructions and continue to the next section to learn what info to send to Superblocks.
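
The SAML values in steps 6 and 7 must match exactly, so it helps to generate them from the company name and compare them with what was typed into Okta. The following is an added example, not Superblocks or Okta code; the function names, the `attribute:` key prefix, splitting words on whitespace, and treating anything outside ASCII letters and digits as a special character are assumptions.

```python
import re

ACS_BASE = "https://login.superblocks.com/login/callback"
AUDIENCE_PREFIX = "urn:auth0:superblocks-prod:"
# Attribute statements from step 7 (name -> Okta value expression).
ATTRIBUTES = {"email": "user.email", "givenname": "user.firstName",
              "surname": "user.lastName"}


def connection_name(company: str) -> str:
    """Build the <CompanyName> token described in the caution of step 6."""
    words = []
    for word in company.split():  # assumption: words are separated by whitespace
        # Assumption: "special characters" = anything outside ASCII letters/digits.
        cleaned = re.sub(r"[^A-Za-z0-9]", "", word)
        if cleaned:
            words.append(cleaned[0].upper() + cleaned[1:])
    if not words:
        raise ValueError("company name has no usable characters")
    return "".join(words)


def expected_saml_settings(company: str) -> dict:
    """Return the field values this guide asks for, keyed by Okta field label."""
    conn = f"{connection_name(company)}-SAML"
    expected = {
        "Single sign-on URL": f"{ACS_BASE}?connection={conn}",
        "Audience URI": f"{AUDIENCE_PREFIX}{conn}",
        "Name ID format": "EmailAddress",
        "Application username": "Email",
    }
    expected.update({f"attribute:{k}": v for k, v in ATTRIBUTES.items()})
    return expected


def check_saml_settings(company: str, configured: dict) -> list:
    """Return one message per field that differs from the guide (exact match)."""
    problems = []
    for field, want in expected_saml_settings(company).items():
        got = configured.get(field)
        if got != want:
            problems.append(f"{field}: expected {want!r}, found {got!r}")
    return problems


if __name__ == "__main__":
    # Constructed input: settings as an admin might have typed them, with one slip.
    typed = expected_saml_settings("River Bank Technologies")
    typed["Audience URI"] = "urn:auth0:superblocks-prod:River Bank Technologies-SAML"
    print("\n".join(check_saml_settings("River Bank Technologies", typed)))
```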

Send IDP info to Superblocks

OIDC application

Send the following information to support@superblocks.com

Client ID: The public identifier for your client, located on the General tab of your application.
Client Secret: The secret value shown in the CLIENT SECRETS section. Note: we recommend using a secure transfer mechanism such as `https://onetimesecret.com` or similar to send the secret.
Okta domain: Your company's Okta domain. You can find this by clicking your username in the upper-right corner of the Admin Console. Learn more about how to Find your Okta domain.
Domains: A list of domains and domain aliases your employees should be able to use when logging into Superblocks.
Google Sign-in: If you use Google Workspace, let us know if you want employees to also be able to log in with their Google credentials, or if they should be forced to log in using Okta.

SAML application

Send the following information to support@superblocks.com

Sign In URL: The Identity Provider Single Sign-On URL in the Okta setup instructions.
X509 Signing Certificate: The certificate downloaded from the setup instructions.
Metadata URL (optional): Optionally, send us the Metadata URL shown on the Sign on tab of your application.
Domains: A list of domains and domain aliases your employees should be able to use when logging into Superblocks.
Google Sign-in: If you use Google Workspace, let us know if you want employees to also be able to log in with their Google credentials, or if they should be forced to log in using Okta.