The Okta/Blueboard SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
Login to your Blueboard account as administrator.
Click on your account name, then select SSO SETTINGS from the dropdown menu:
Enter the following (see screenshot at end of step for reference):
SSO URL: Make a copy of this value.
Okta metadata: Copy and paste the following:
Sign in to Okta Admin app to have this variable generated for you.
Click SAVE SSO SETTINGS:
In Okta, select the Sign On tab for the Blueboard app, then click Edit.
Enter SSO URL value you copied in step 3 into the corresponding field.
Click Save:
The following SAML attributes are supported.
Okta sends the following default attributes as part of the SAML assertion:
| Name | Value |
|---|---|
| user.email | |
| firstName | user.firstName |
| lastName | user.lastName |
| userType | user.userType |
In addition to the default attributes, Okta supports the following custom attributes:
| Name | Value |
|---|---|
| user_role | appuser.user_role |
| teamName | appuser.teamName |
| add_edit_employees | appuser.add_edit_employees |
| add_edit_managers | appuser.add_edit_managers |
| administrator | appuser.administrator |
| receive_credit_email | appuser.receive_credit_email |
| view_balance | appuser.view_balance |
| view_employees | appuser.view_employees |
Optional
By default Okta send only 4 SAML attributes in SAML assertion: FirstName, LastName, Email, and userType. To send the custom attributes, follow the steps below:
In Okta, navigate to Directory > Profile Editor:
Search for the Blueboard app, then click Profile:
Click Add Attribute., then add the following attributes (see screen shot following the table below for reference):
| Display Name | Variable Name | Data Type |
|---|---|---|
| Edit Employees Permission | add_edit_employees | boolean |
| Edit Managers Permission | add_edit_managers | boolean |
| View Balance | view_balance | boolean |
| Company Admin | administrator | boolean |
| Manager Name | teamName | string |
| View Employees | view_employees | boolean |
| Receive Credit Emails | receive_credit_email | boolean |
| Blueboard User Role | user_role | string |
Scope (optional): If you check User personal, the current attribute will be available once you assign the user to the Blueboard app and will not be available once you assign the group to the Blueboard app (for example, in the screenshot below User personal is applied to Blueboard User Role attribute):
Once you have completed the steps above, the results should look like this:
Done!