How to set up Single Sign-On in Targetprocess with Okta
Step-by-step guide on how to set up Single sign-on integration with Okta
- Single Sign-On
- Single Sign-On in Targetprocess
- How to set up Single Sign-On with Google G Suite (formerly Apps for Business )
- How to set up Single Sign-On with OneLogin
- How to set up Single Sign-On for Targetprocess with ADFS 2.0
- How to set up Single Sign-On to Targetprocess with other SAML 2.0 Identity providers
Targetprocess supports most of the SAML 2.0 compatible providers including OneLogin, Okta, Bitium and ADFS 2.0.
Integrating with Okta involves the following four steps:
- Adding Targetprocess as an application on the Okta dashboard
- Configuring Okta details in Targetprocess
- Assigning Targetprocess Application to Users in Okta
- Testing SSO in Targetprocess
Detailed steps are provided below.
1. Adding Targetprocess as an application on the Okta dashboard
Log in to your Okta Admin account, select 'Applications' tab and then click ‘Add application’
- Choose “Create New App”
- Set application name, e.g. “Targetprocess” and click “Next” to proceed to SAML settings
Now you need to log in as administrator to your Targetprocess account and get out your “Single sign on URL” for Okta. In Targetprocess its called “Assertion Consumer URL” and can be found at Settings > Authentication and Security > Single Sign-On.
Copy the URL. e.g. “https://your_account.tpondemand.com/api/sso/saml2” and paste into ““Single sign on URL” in Okta.
Paste same value into “Audience URI (SP Entity ID)”
Select “EmailAddress” in “Name ID format” field and “Email” in “Application username”. Result:
Now click “Next” and “Finish” on the next screen.
2. Configuring Okta details in Targetprocess
On the ‘Sign On’ tab of your application click “View Setup Instructions” to get additional fields for your Targetprocess
Copy “Identity Provider Single Sign-On URL” and paste it into “Sign-on URL” field in Targetprocess SSO settings
Copy X.509 certificate (including lines with “BEGIN” and “END”) and paste in Targetprocess into “Certificate” field
Next you can enable JIT PRovisioning, disable native Targetprocess login form and some users to SSO exceptions list if needed. More information about these settings can be found in “Single Sign-On in Targetprocess” guide.
Targetprocess settings overview:
3. Assigning Targetprocess Application to Users in Okta
After completing the configurations in Targetprocess, go back to Okta to assign the newly added application to your users on “People” tab in application details.
Also you may use multiple applications assignment available in "Applications" > "Assign applications" menu.
4. Testing SSO in Targetprocess
- Logout from Targetprocess (click on avatar picture and choose “Logout”)
- Open your Targetprocess URL in browser - https://YOUR_ACCOUNT.tpondemand.com/. Now two scenarios are possible:
- if you have disabled Targetprocess login form - browser will redirect you to Okta login page and then to Targetprocess UI
- if you have mixed mode enabled - you’ll have to to click “Log in using Single sign-on” on Targetprocess login page.
There are following common problems with SSO:
Error 404 Not found - this means incorrect URL either in Targetprocess SSO settings or in Okta application settings. Please double-check your settings in Okta and Targetprocess to make sure URLs are valid
- You’re getting “Sorry, you can't access Targetprocess because you are not assigned this app in Okta” error. To resolve this problem make sure that your user is assigned to Targetprocess application on step 3 and you’re using correct account to login to Targetprocess.
Other problems are less common and we'd recommend you to check your Okta application log to find out all the details or look into Targetprocess System log.
Still have a question?
We're here to help! Just contact our friendly support team