Skip to main content
Adaptive Insights
Knowledge and Support - Adaptive Insights

SAML SSO Okta

Provides instructions for configuring Adaptive Insights to accept SAML SSO tokens from your instance of Okta. In SAML terms, your Okta instance is an identity pro­vider and Adaptive Insights is a service provider. There are two approaches for configuring SAML SSO in Adaptive with Okta. In the first approach, you will make use of the Okta-val­idated Adaptive Insights application. This is the recommended approach. If you are unable to configure SAML SSO using the standard Adaptive Insights application, the second approach might be more appropriate. In this case, you would be creating a new Okta application to connect to Adaptive Insights.

Prerequisites

The prerequisites for these procedures are:

  • An Okta account with administrative permissions
  • An Adaptive account with administrative permissions
  • A confirmation email from Adaptive stating that SAML has been provisioned on your Adaptive instance

Approach 1

In this approach, you will make use of the Okta-validated Adaptive Insights application. This is the recommended approach. If you aren’t able to complete the configuration this way, try Approach 2.

Add the Adaptive Insights Application in Okta

To add the Adaptive Insights application in Okta, follow these steps:

  1. Log in to Okta.

  2. Click Administration.

  3. Click the Applications tab.

  4. Click Add Application.

  5. In the search text box, enter Adaptive Insights.

    SAMLSSO-OktaAddApplication.jpg
  6. Select the Adaptive Insights (Okta verified) app by clicking Add.

  7. On the Add Adaptive Insights screen, enter the following properties:

  1. Application label: The default name is Adaptive Insights. You can choose to leave the default name as the application label.

  2. Adaptive Insights SSO URL: Enter a placeholder URL (for example, http://www.adaptiveinsights.com). You will revisit this property to provide an updated URL at a later step.

  3. NameID format: Default value is Unspecified. Leave this value as it is.

  4. Application Visibility:

  • Do not display application icon to users: Default is unchecked. You can select this based on your business requirements.

  • Do not display application icon in the Okta Mobile App: Default is unchecked. You can choose to select this based on your business require­ments.

  1. Click Next.

  2. In the Assign to People step, click Next.

  3. Click Done.

Set Okta as an Identity Provider in Adaptive Insights

To set up Okta as an identity provider in Adaptive Insights, follow these steps:

  1. In the application you added within Okta in the previous section, click the Sign On tab.

  2. Click View Setup instructions.

  3. Follow the instructions on the View Setup Instructions page to complete configur­ing Adaptive to accept SAML 2.0 requests from Okta.

Test the Setup

To test the SAML/SSO login from Okta into Adaptive, follow these steps:

  1. In Okta, click the application you added in Add the Adaptive Insights Application in Okta.

  2. Click the People tab.

  3. Assign the application to yourself and any other users who will require access to it.

  4. Log in to Adaptive Insights with your administrator login.

  5. Go to Admin > Edit User and select the user that you want to give access to the app.

  6. Do the same for other users who need access to the app, if any.

  7. In Okta, click My Applications.

  8. Find the icon with the name of the application you created and click it.

If everything is configured correctly, you will be redirected to Adaptive. After successfully testing your setup, you can enable SAML SSO for your users. See Enabling SAML SSO for all Users in Adaptive.

Approach 2

If Approach 1 does not work for your instance, follow the procedures below.

Create an App in Okta

To create the app in Okta, follow these steps:

  1. Log in to Okta.

  2. Click Administration.

  3. Click the Applications tab.

  4. Click Add Application.

  5. Click Create New App in the left panel.

  6. Select SAML 2.0.

  7. Click Create.

  8. Enter a name for the application in the App Name field
    (for example, Adaptive Insights).

  9. For the setting Do not display application icon to users, the default is unchecked. You can select this based on your business requirements.

  10. For the setting Do not display application icon in Okta Mobile app, the default selection is unchecked. You can select this based on your business requirements.

  11. Click Next.

  12. Enter the URL of your server in the Single sign on URL field.
    This field will be returned to and updated as part of the next section.

  13. Check the Use this for Recipient URL and Destination URL box.

  14. Enter AdaptiveInsights in the Audience URI field.

  15. Leave the Default Relay State field blank.

  16. Select a format from the Name ID format field.

  17. Select Email for the Default Username.

  18. Click Download the Okta Certificate on the right side of the screen and save the certificate in a location you will remember.

    Download_Okta_Certificate.png
  19. Skip the Attribute Statements and Preview sections.

  20. Click Next.

  21. Check This is an internal application that we created.
    It is important that you select this setting to make sure that the application is not vis­ible to users outside of your instance. For more details, please refer to Okta's docu­mentation.

  22. Click Finish.

Set Okta as an Identity Provider in Adaptive Insights

Once you have created an app inside Okta, you can set up Okta as an identity provider in Adaptive.

To set up Okta as an identity provider in Adaptive, follow these steps:

  1. Log in to the Adaptive instance as a user with User administrator permissions.

  2. Go to Admin > Manage SAML SSO Settings.

    ManageSAMLSSOSettings_Okta.png
  3. Enter the following SAML SSO Settings:

  1. IDP Entity ID: Copy and paste the Identity Provider Issuer (this information can be found in Okta. Click the application that you created previously, and then click Sign On Tab in Okta. Now click View Setup Instructions under SAML 2.0)

  2. Identity provider single sign-on URL: Copy and paste the Identity Provider Sin­gle Sign-On URL (this can be found by clicking the Sign On tab in Okta, then clicking View Setup Instructions under SAML 2.0).

  3. Custom logout URL: (optional) Enter a URL to redirect users to if they click Logout in the Adaptive application.

  4. Certificate: Select the certificate file that was downloaded from Okta in Step 18 in Create an App in Okta.

  5. SAML user ID type: Select User’s federation ID.

  6. SAML user ID location: Select User ID in NameID of Subject.

  7. SAML attribute: Disabled for this scenario.

  8. SAML nameID format: Select the same name ID format as what was configured in Okta.

  9. Enable SAML: Select Not Enabled (this is the default value). After testing the configuration, return to this screen and enable SAML for other users.

  1. Click Save.

  2. Go back to the Manage SAML SSO Settings page to verify that the settings were saved successfully. Specifically, verify the issuer and validity of the certificate.

  3. Copy the URL from the SSO URL field.

  4. Go to Okta and click the application that you created in Create an App in Okta.

  5. Click the General tab.

  6. Click Edit and go to Configure SAML Page.

  7. Paste the URL in the Single sign on URL field.

  8. Click Next.

  9. Click Finish.

Test the Setup

In this section, you will test the SAML/SSO login from Okta into Adaptive.

  1. In Okta, click the application you created in Create an App in Okta.

  2. Click the People tab.

  3. Assign the application to yourself and any other users who will require access to it.

  4. Log in to Adaptive with your administrative login.

  5. Go to Admin > Edit User and select the user that you want to give access to the app.

  6. Enter the email address from your Okta account as the SAML Federation ID for the user.

  7. Do the same for other users who need access to the app (if any).

  8. In Okta, click My Applications.

  9. Find the icon with the name of the application you created and click it.
    If everything is configured correctly, you will be redirected to Adaptive.

After successfully testing your setup, you can enable SAML SSO for your users. See Enabling SAML SSO for all Users in Adaptive.

Logging in to Excel Interface for Planning and Adaptive Office Connect using SAML SSO

Once SAML SSO has been successfully configured and tested, Excel Interface for Planning and Adaptive Office Connect users only need to provide their usernames in the login form. Leave the password field blank.

Excel Interface for Planning or Adaptive Office Connect - Logging in with SAML SSO enabled

 

  • Was this article helpful?