All Collections
Smart Features
Authentication
AlexisHR's Okta App - SAML & SCIM Configuration Guide for Okta
AlexisHR's Okta App - SAML & SCIM Configuration Guide for Okta

How to get going with AlexisHR's app in Okta

Mio Mattsson avatar
Written by Mio Mattsson
Updated over a week ago

This article describes features exclusive to our app in Okta. For information about SSO via SAML see this article and for SCIM see this article.

Click here to skip to the Step-by-step instructions for SAML or SCIM

Requirements

Ensure that you have the following before you start configuring the Okta app:

  • Get the user provisioning functionality for your Okta account. See Lifecycle Management for more details.

  • An Okta account with admin privileges

  • An AlexisHR account with Owner permission set

  • Make sure your account plan in AlexisHR allows you to use SSO & SCIM

Supported Features

SAML

  • IdP-initiated SSO

  • SP-initiated SSO (see note)

Note: SP-initiated SSO requires help from AlexisHR's Customer Success/Support.

SCIM

  • Import Users

  • Profile Sourcing

Step­ by­Step Configuration Instructions for SAML

Step 1 - Get info about SAML from Okta

From Okta retrieve Identity Provider Single Sign-On URL and your X.509 Certificate.

Step 2 - SAML Single sign-on in AlexisHR

Add this information into Alexis via Settings -> SAML Single sign-on. Click "New identity provider". In Identity provider sign out URL you can enter the following (change [YOUR_TENANT] to your tenant): 

https://[YOUR_TENANT].okta.com/login/signout?fromURI=https://app.alexishr.com

Click Create identity provider and you'll be taken to the next screen.

Step 3 - Retrieve info from AlexisHR

You need to copy the Audience URI and Assertion Consumer Service URL and save for the next step.

If you want to test on app.sandbox.alexishr.com

To enable testing in our sandbox environment you need to enter Domain and Tenant when setting up Okta. See Step 4 "Domain" and "Tenant" for details.

Pictured: There are environment variables in the Audience URI and ACS URL

Step 4 - Setting up SSO in Okta

General settings - Set the required fields as follows

  • Domain: alexishr for production and sandbox.alexishr for sandbox

  • Tenant: alexishr for production and alexishr-sandbox for sandbox

  • Single sign-on URL: should be value Assertion Consumer Service URL copied from Alexis, see step 3

  • Audience URI (SP entity ID): should be value from Audience URI copied from AlexisHR, see step 3

  • Name ID format: Email or Unspecified

  • Application username: should be set to Okta username

  • Update application username on: should be set to Create and update

Attribute statements - Set the required fields as follows

  • Name: email

  • Name format: Email or Unspecified

  • Value: user.email

This concludes the settings needed for SAML SSO

If you are interested in Okta user provisioning you can read more here

Did this answer your question?