To enable Single Sign-On (SSO) in Humand through Okta, a global administrator from your organization needs to grant the necessary permissions to the Humand application within Okta.
Before you start, make sure you have:
• Administrator access to your Okta tenant.
• Access to a community in Humand as an administrator or user, depending on the desired feature.
Before granting the necessary permissions, you first need to enable External Login (SSO) from Humand's settings. To do this, see the following article: How do I activate Single Sign-On (SSO)?
The client must configure their community in Humand with the external login domain of their Okta instance. For example, if the Okta users are in the form user@mydomain.com, add mydomain.com in the community settings.
The client must also add the Humand integration to their Okta organization and configure it.
To do this, follow these steps:
1. Log in to your organization's Okta tenant.
2. Go to the Applications section in the sidebar and click on Browse App Catalog.
3. Search for Humand and click on Add Integration. You can set an app label for the application. Then, click Done.
4. On your Humand application page, go to the Sign On tab.
5. In Settings, copy the Client ID and Client Secret values.
6. In Settings, find the section with a link to the OpenID provider metadata and click this URL. A JSON document will open. Look for the issuer key and copy its URL value.
7. Assign your Okta user or any other target user access to use the Humand application. To do this, go to the Assignments tab and click on Assign.
8. The login field of the user's profile will become the username in Humand.
9. Once you have gathered all the necessary information described above, email it to eze@humand.co with the subject "Okta Configuration Request". Include the following:
- Client ID
- Client Secret
- Issuer URL
The Humand support team will handle your request and contact you once the integration has been set up.
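A pre-flight check for the values gathered in steps 6 to 8, as an added example that is not part of Humand's or Okta's documentation: it parses the provider metadata JSON, returns its issuer, and rejects a document whose issuer does not match the URL it was opened from (the consistency rule in OpenID Connect Discovery). The function names, the idp.example.com tenant and the sample document are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
# Fields that OpenID Connect Discovery 1.0 marks as REQUIRED in provider metadata.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")

def extract_issuer(metadata_url: str, document: str) -> str:
    """Return the issuer from a provider metadata document, or raise ValueError
    if the document is incomplete or does not belong to the URL it came from."""
    meta = json.loads(document)
    if not isinstance(meta, dict):
        raise ValueError("metadata is not a JSON object")
    missing = [key for key in REQUIRED if key not in meta]
    if missing:
        raise ValueError("metadata is missing: " + ", ".join(missing))
    issuer = meta["issuer"]
    parts = urlsplit(issuer) if isinstance(issuer, str) else None
    if not parts or parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        raise ValueError(f"issuer is not a plain https URL: {issuer!r}")
    # Discovery rule: the document lives at <issuer>/.well-known/openid-configuration.
    # Any query string on the link that was clicked is ignored for the comparison.
    opened = urlsplit(metadata_url)
    if f"{opened.scheme}://{opened.netloc}{opened.path}" != issuer.rstrip("/") + WELL_KNOWN:
        raise ValueError("issuer does not match the metadata URL")
    return issuer

def login_domain_matches(login: str, community_domain: str) -> bool:
    """True if an Okta login such as user@mydomain.com falls under the domain
    configured in the Humand community (mydomain.com)."""
    local, sep, domain = login.rpartition("@")
    return bool(local and sep) and domain.lower() == community_domain.lower()

# Constructed sample values, not a real tenant.
SAMPLE_URL = "https://idp.example.com" + WELL_KNOWN
SAMPLE_DOC = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/v1/authorize",
    "jwks_uri": "https://idp.example.com/oauth2/v1/keys",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

if __name__ == "__main__":
    print("Issuer URL to send:", extract_issuer(SAMPLE_URL, SAMPLE_DOC))
    print("Login domain ok:", login_domain_matches("user@mydomain.com", "mydomain.com"))
```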
One more piece of information we need (though not necessarily from the client) is the domain that is used to define users in the organization and that was used to configure the Humand community.
Because of the configurations needed on our side, this domain must be unique across organizations implementing Okta and must not be a generic domain (e.g., email.com). For now, it does not need to be included in the email, since we can find it ourselves in the community settings. However, in the future, it might be added.
Make sure to have the Create new user (JIT) option enabled in the client's configuration. We need to have it enabled on our side.