Before you begin setting up SSO with Okta, please ensure that you have:
- A Stable account with an administrator role
- An Okta account with administrator access
- Knowledge of how to configure Okta applications
Step 1: Creating an Okta application
1. In the Okta dashboard, go to the "Applications" tab and click "Add Application."
2. Search for "SAML 2.0" and select it.
3. Enter the name of the application (e.g. "Stable") and click "Next".
4. In the "General Settings" section, enter the following information:
- Single sign on URL: [Your callback URI from Stable Support]
- Audience URI (SP Entity ID): [Your audience URI from Stable Support]
- Name ID format: EmailAddress
- Application username: Email
5. Click "Next" and finish configuring the application in Okta.
6. You can skip the feedback screen.
Step 2: Enabling SSO in Stable
1. In the Okta dashboard, click “View SAML Setup Instructions” to view the information required for configuring SSO
2. Email Stable support with the following information:
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 Certificate [Use the download button]
After SSO is configured by Stable on your account, all of your users will be required to login with SSO.
Supported SAML Flows
Currently, Stable only supports the service-provider initiated SAML flow. Identity-provider initiated flows are not supported.
Configuring SCIM Provisioning
Stable uses SCIM 2.0 to automatically provision Okta users assigned to the application in the Stable dashboard.
Step 1: Enabling SCIM Provisioning in Okta
To set up SCIM Provisioning in Okta, follow the steps below:
- In the newly created Okta application, navigate to the "App Settings" section and click on "Edit."
- Select "Enable SCIM Provisioning" from the options provided, then save your changes.
- Navigate to the new “Provisioning” tab and click “Edit” in the “SCIM Connection” section.
- Enable “Create Users” and “Deactivate Users”, then save your changes.
- Navigate to the “Integration” section in the “Settings” sidebar and click on “Edit”.
- In the “SCIM connector base URL” field, enter “https://api.usestable.com/scim/v2”.
- In the “Unique identifier field for users” field, enter “userName”.
- Under “Supported provisioning actions” check “Push New Users” and “Push Profile Updates.”
- For “Authentication Mode” select “HTTP Header.”
- In the “Authorization” field, enter your API key provided by Stable.
- Save your changes, and the SCIM integration will be complete.
Step 2: Provisioning Users
When assigning your Okta users to the Stable application, the SCIM integration will now automatically create Stable accounts for the user when you save the assignment.
To de-provision users, you can either remove their Stable application access in Okta, or delete the user from your Okta account.