Introduction

This document describes how to integrate Optimove with Okta’s identity provider system, in order to implement an SAML-based Single-Sign-On flow in Optimove.

Follow these instructions to prepare your Okta account for integration with Optimove.

Note that, before you begin, you need to receive two values from your CSM (required for steps 12 and 13, below).

Set Up the Integration in Okta

  1. Log in to your Okta account as admin.
  2. From the Okta dashboard, click Admin to reach the Admin Dashboard.
  3. Go to the Applications tab.

  4. Click Add Application.

  5. Click Create New App. The Create a New Application Integration window opens:
  6. Set Platform to: Web.
  7. Set Sign on method to: SAML 2.0.
  8. Click Create.

    Now, in the Application window:

  9. Set App name to: Optimove Site.
  10. Upload the Optimove logo.
  11. Click Next.

    In the next window:

  12. Set Single sign on URL to: https://optimove-production.eu.auth0.com/login/callback?connection=<AUTH0_CONNECTION_ID>
    (replace AUTH0_CONNECTION_ID with the value provided to you by the Optimove Integration Team)
  13. Set Audience URI (SP Entity ID) to: urn:auth0:optimove-production:<YOUR_COMPANY_NAME>-OKTA

    (replace YOUR_COMPANY_NAME with the value provided to you by the Optimove Integration Team)
  14. Set Application username to: Email

    In the next window:

  15. Add the following Attribute Statements:
    • Email
      • Name: email
      • Name format (optional): Unspecified
      • Value: ${user.email}
    • Email_verified
      • Name: email_verified
      • Name format (optional): Unspecified
      • Value: ${user.VERIFICATION_ATTRIBUTE}

    Note: The Email_verified attribute refers to the method of verification for email addresses used in your Okta profile. You must provide Optimove with the email verification attribute name and format used for verification. If email verification is not available or is not in use in your Okta profile, use the constant value True instead of the attribute name.

  16. Click Preview the SAML Assertion to generate XML and verify that your settings are correct.
  17. Click Next.
  18. In the next window, answer the ‘Are you a customer or partner?’ question by selecting ‘I'm an Okta customer adding an Internal app’.
  19. Click Finish.
  20. Once you have completed the above configuration, click into the Sign On tab.
  21. Click View Setup Instructions.
  22. From the next window, copy the following values generated by Okta and provide them to the Optimove Integration Team:
    • Audience URI (SP Entity ID)
    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • The X.509 Certificate file (click Download certificate)

This completes your required steps on the Okta side. Using the information you send the Optimove Integration Team, they will finalize the configuration on the Optimove side.