SSO with Okta

Identity Management

1) Contact [email protected] or [email protected] to claim the email domain(s) that your SSO users will use to sign in.

2) Log into your Sprig account and navigate to the Settings > Single Sign-On.

3) Select SSO Enabled and click Save.

4) An Important Values section should appear. Take note of the values provided. You will use them to configure your Okta integration in Step 10.

5) Log into your Okta account and go to the Admin section. Make sure you are using the Classic UI. Then navigate to Applications.

6) Click on Add Application.

7) Click the Create New App button on the right.

8) A modal window should appear. Select Web for the platform and SAML 2.0 for the sign-on method. Then click Create.

9) Enter in the name you want for your Sprig application integration and click Next.

10) The next screen is where you will input the SAML settings. Use the values you were provided by the Sprig SSO settings page in Step 4 to enter the ACS URL into the Single sign-on URL and the Entity URI into the Audience URI.

Keep the Use this for Recipient URL and Destination URL option selected, and leave the Allow this app to request other SSO URLs option blank.

11) Select the EmailAddress option for the Name ID format field and Email for Application username.

12) In the attributes section add an attribute so that there are two. Enter “name” and “role” for the Name fields. Leave the Name format fields as “Unspecified”. In the Value fields enter Okta Expression Language expressions that will provide the name and role for your Sprig users. The “role” field needs to evaluate to one of: admin , developer , or viewer . Sprig roles are described here. If you are not sure what to enter here you can add String.join(" ", user.firstName, user.lastName) for “name” and admin for “role”

13) Leave the Group Attribute Statements section blank. Scroll down to the bottom of the page and click Next.

14) Fill out the necessary fields in the Feedback section and click Finish.

15) You should now be taken to your new app’s integration page. Click Sign On and then click View Setup Instructions.

16) A new page with configuration values will appear. You will be using these values to configure UseLeap SSO in the next step.

17) Navigate to the Sprig SSO Settings Page. Copy the values from the previous step into the corresponding fields in the “Your Identity Provider” section

  • Identity Provider Single Sign-On URL → Entry Point URL
  • Identity Provider Issuer → Issuer URL
  • X.509 Certificate → X.509 Certificate

18) Click the Save button in the Your Identity Provider section. Users that are assigned to the Okta app integration you created should now be able to sign up using the Sign in with SSO link on the Sprig login page. You now can assign users in the Assignments tab of your Okta application integration.