This guide will help users to integrate Humand as a SAML 2.0 application (SP) within your Okta tenant (IdP).

Access Your Okta Admin Console

1. Log in to your Okta Admin Console.

2. From the left-hand menu, click Applications.

3. Click Create App Integration.

Configure App Integration

1. Under Sign-in method, select: SAML 2.0
2. Click Next.

General Settings

• App Name: Humand-EndUser-SSO (or any name you prefer)
• (Optional) Check the box: Do not display application icon to users. This option will not display Humand in your user’s Okta Dashboard.
• Click Next.
   

SAML Settings

General Section

1. Before filling this section, obtain your Instance ID from your Humand Onboarding Leader or Account Manager. You’ll need this value to complete the URLs below.

• Single Sign-On URL: 
  
  https://api-prod.humand.co/api/v1/sso-saml/callback?to=INSTANCE_I D 
  
  Please note - ‘Use this for Recipient URL and Destination URL’ should be ticked on by default.
   
• Audience URI (SP Entity ID): 
  
  https://api-prod.humand.co/api/v1/sso-saml/INSTANCE_ID
   
• Name ID Format:
  
  EmailAddress
   
• Application username:
  
  OktaUsername
   
• Update application username on:
  
  Create and update
   

Finish Setup

1. Click Next.  

2. Review your settings. 

3. Click Finish.
 

Share Your Metadata with Humand

1. In the Okta Admin Console, go to Applications.

2. Select the Humand application you just created.

3. Click on the Sign On tab.

4. Copy the Metadata URL.

Send this URL to: help@humand.co 

CC: your Humand Onboarding Leader or Account Manager
 

Final Step: Assign Users to the Humand App

To ensure users can access Humand via SSO once integration is complete: 

• You must assign the Humand application to the appropriate users or user groups in Okta.
• If users are not assigned, they will receive an authentication error when attempting to log in.

How to Assign Users:

You can assign users in one of two ways:

1. From the "Groups" or "People" tab in the main Okta menu
→ Search and assign users or groups to the Humand application.

2. From within the Humand application setup
→ Go to the Assignments tab
→ Click Assign > People or Assign > Groups

Extra Step (Optional): Configure SSO for the Admin/Back Office Portal

If you also want to enable SSO for the Humand Admin/Back Office site, follow the same process outlined above with the updated URLs below:

• Single Sign-On URL: 
  https://api-prod.humand.co/api/v1/backoffice/sso-saml/callback?to=INST ANCE_ID
   
• Audience URI (SP Entity ID):
  https://api-prod.humand.co/api/v1/backoffice/sso-saml/INSTANCE_ID

Please note:

• The INSTANCE_ID used here is the same one used for the end-user portal configuration.
• Copy the metadata URL as explained before Email it to: help@humand.co 
  In the email, specify that the metadata is for the Admin/Back Office Portal.

Final Considerations

1. If you encounter any issues while configuring Humand in your Okta tenant, please reach out to help@humand.co
2. Once both sides (Humand and your team) have completed the configuration, Humand will notify you to begin the SSO testing process.
3. By default, all assigned users will be routed through Single Sign-On (SSO).
4. If any users need to bypass SSO and log in using a username and password, please send a list of those users to: help@humand.co. This ensures proper access is granted via traditional login credentials.