How to Configure SAML 2.0 for 15Five

Contents

• Supported Features
• Adding a Custom Attribute
• Configuration Steps
• Notes

---

Supported Features

The Okta/15five SAML integration currently supports the following features:

• SP-initiated SSO
• IdP-initiated SSO
• JIT (Just In Time) Provisioning

For more information on the listed features, visit the Okta Glossary.

---

Adding a Custom Attribute

Follow these instructions to add the manageEmail custom attribute:

1. In Okta, from the Admin dashboard, navigate to Directory > Profile Editor.

2. Select Okta from Filters.

3. Click the edit Profile button:

   

4. Click Add Attribute:

   

5. Enter the following:

   • Display name: managerEmail.

   • Variable name: managerEmail.

   • Click Add Attribute:

   

---

Configuration Steps

1. Log in to your 15Five tenant using an Admin account.

2. Click on your Profile Icon, then select Company settings:

   

3. Navigate to Company > Single Sign-On, then select the Metadata Setup tab.

4. Check the Automatically update metadata option and the paste the metadata below into the XML metadata field, then click Save:

   Sign in to the Okta Admin app to generate this value.



5. Select the Details Setup tab, then enter the following:

   • Check the SAML Single Sign-On Enabled option to enable SAML. Check the Allow Password Sign In option if you want to allow your users to continue having the option to login using their username and password.

   • Contact Email: Enter an email address. This is the address where 15five will send all SAML-related information.

   • User Sign In URL: Make a copy of this value. You will use this for the SP-initiated SAML flow.

   • IdP Entity ID and IdP Single Sign-On Service URL: These fields are auto-populated from the metadata file you saved in step 4.

   • IdP Single Sign-On Service Binding: Select HTTP-Direct.

   • In the User Attributes section, use the following values:

     • Name ID Contents: Select User ID.

     • Email attribute name: Entermail.

     • First name attribute name: Enter FirstName.

     • Last name attribute name: Enter LastName.

     • Title attribute name: Enter title.

   • Click Save:

   

6. In Okta, select the Sign On tab for the 15Five SAML app, then click Edit.

   • Base URL: Enter your 15Five domain.

   • Click Save:

   

7. Done!

---

Notes

• Make sure that you entered the correct value in the Base URL field under the Sign On tab in Okta. Using the wrong value will prevent you from authenticating via SAML to 15Five.

• The following SAML attributes are supported:

  Name	Value
  FirstName	user.firstName
  LastName	user.lastName
  mail	user.email
  managerEmail	user.managerEmail
  title	user.title

SP-initiated SSO

1. Go to the User Sign In URL you copied in step 5.

2. Click Sign in using Single Sign-on: