Service Provider (SP)-Initiated Authentication (SSO) Flow
Administrator account in an existing Okta organization.
Crelate Enterprise organization license.
Administrator account in the existing Crelate Enterprise organization.
The login e-mail used by both administrator accounts must match to complete the validation process.
Okta Configuration Steps
Log into Okta with your administrator account.
Navigate to Applications.
Click Add Application.
Search for "Crelate" and click the App to select it.
Click Add on the left to continue.
Check both "Do not display application icon to users" and "Do not display application icon in the Okta Mobile App".
Click Done to add the App.
After the App is added, users must be assigned to it. This will allow them to log into Crelate using their Okta credentials.
Open the newly added App under Applications and navigate to the Assignments tab.
Click on Assign and pick the appropriate principal type you want to assign (person or group).
Search for the desired principal and click the Assign button.
Modify the assignment fields as needed (defaults should suffice) and click Save and Go Back.
Click Done to close the dialog.
Navigate to the Sign On tab and note the Client ID and Client secret values. These will be used when setting up the provider in Crelate. These values can also be found on the General tab.
The last bit of information you need for the provider is your organization's domain URL. This is visible in the upper right of the Dashboard.
Crelate Configuration Steps
Log into Crelate with your administrator account.
Navigate to Settings | Single Sign-On.
Click Add a new Single Sign-On Provider to begin adding the provider.
Fill out the form and click Save to add the provider. All fields are required. For Type, choose Okta. The Display Name is any appropriate name that will help identify the provider. This value will display when assigning the provider to users. Note that the Domain field should be the full domain URL including the "https" portion. Refer to the Okta Configuration section of this guide to find the Domain URL, Client ID, and Client Secret.
The provider must be validated before it can be assigned to users.
To begin validation, click the Validate icon on the provider. This will open a separate dialog that will walk you through authentication to confirm that the sign in process works with the supplied configuration. Once successful, your new Single Sign-On provider will be enabled for use.
Once the provider is validated, you can assign it as the Login Type to Crelate users. If you run into issues during validation, ensure that your provider settings specified in Crelate match the values of the Crelate App in your Okta organization.
Navigate to Settings > Users.
Select a user and use the Login Type drop down to select the SSO Provider you just added and validated. Note that the e-mail address of the user must match the e-mail address of their Okta user account.
Once you are ready to continue, click Save.
Crelate will prompt you to confirm the Login Type changes. Setting a user's Login Type to an SSO Provider will result in an invite e-mail. Affected users must confirm their e-mail by using the link provided in the invite. Finally, the user must complete the login process to fully enable their Okta credentials for Crelate use.
To initiate the login process, navigate to https://app.crelate.com , enter your e-mail address, and click next. You will then be presented with the Okta Login screen to complete login. Upon successful login, you will be taken directly into the Crelate application.