Precoro Help Center

Simple steps to set up SSO with Okta:

1. Open the Configurations tab on your left and go to the SSO settings tab, move the switch to On;
2. Open your account in Okta and create a new App Integration or choose an existing one.
   

How to configure the App Integration:

1.  After clicking on the Create App Integration button, select the SAML-based sign-in method;    
2. Fill in all necessary fields on Step 1 — General Settings and proceed to the next step:
   
   
3. Configure SAML Settings:
   • Fill in fields in the General section. You need to match fields from your SSO configuration tab in Precoro with fields in Okta:
     • Single sign on URL —> Assertion Consumer Service (ACS)
     • Audience URI (SP Entity ID) —> Entity ID
     • Mark the Use this for Recipient URL and Destination URL checkbox as 'active' (it's just under the Single sign on URL field);
       
           
   • Select the EmailAddress parameter for the Name ID format field;
   • Select the Email parameter for the Application username field; 
     
     
4. Click Show Advanced Settings and:
   • Set Assertion Encryption as Encrypted;
   • Download Precoro Certificate and upload it into the Encryption Certificate field;
     
     
   • Enable Single Logout by marking the Allow application to initiate Single Logout checkbox as 'active';
   • Match fields from your SSO configuration tab in Precoro with fields in Okta: 
     • Single Logout URL —> Single Logout Response Endpoint;
     • SP Issuer —> Entity ID;
   • Download Precoro Certificate and upload it into the Signature Certificate field;
     
5. Set up the Attribute Statements section:
   • Type "email" in the Name field;
   • Select 'user.email' for the Value field;
     
     
     
     
6. Proceed to the last step and click the Finish button.

Configure SSO in Precoro

1. Fill in Step 3: Identity Provider Issuer:
   • Go to the Sign On tab on the just configured App Integration;
   • Scroll down, find, and click the View Setup Instructions button;
   • Copy the value of Identity Provider Issuer and paste it to Step 3: Identity Provider Issuer in Precoro;
     
     
     
     
2. Upload Metadata to Precoro:
   • Find the Identity Provider metadata on the Sign On tab;
   • Open the link and save Metadata on your computer;
   • Upload this file to Step 4 in Precoro;
     
     
3. Click the Update button. Now the SSO is configured.
   
   
4. Please, do not forget to assign users to this Application.