The Okta/Chatter SAML integration currently supports the following features:
For more information on the listed features, visit the Okta Glossary.
1. Log in to your Chatter account as an administrator.
2. Navigate to Setup > Security Controls > Single Sign-On Settings:
3. On the Single Sign-On Settings page, click Edit:
4. Check the SAML Enabled box to enable the use of SAML Single Sign-On, then click Save:
5. Click New:
6. Enter the following:
   - Name: Enter a preferred name.
   - Issuer: Copy and paste the following:
     Sign into the Okta Admin dashboard to generate this value
   - Identity Provider Certificate: Download, then upload the following certificate:
     Sign into the Okta Admin dashboard to generate this value
   - Request Signing Certificate: Select SelfSignedCert.
   - Request Signing Method: Select RSA-SHA256.
   - Assertion Decryption Certificate: Select Assertion not encrypted.
   - SAML Identity Type: Select Assertion contains the User's Salesforce username.
   - SAML Identity Location: Select Identity is in the Nameidentifier element of the Subject statement.
   - Service Provider Initiated Request Binding: Select HTTP POST.
   - Identity Provider Login URL: Copy the following:
     Sign into the Okta Admin dashboard to generate this value
   - Custom Logout URL: Copy and paste the following:
     Sign into the Okta Admin dashboard to generate this value
   - Entity ID:
     - If you have a custom domain setup, enter https://[customDomain].my.salesforce.com
     - If you do not have a custom domain setup, enter https://saml.salesforce.com
   - Click Save.
7. Make a copy of your Login URL value:
8. In Okta, select the Sign On tab for the Chatter app, then click Edit.
9. Enter the Login URL value you made a copy of in step 7 above into the corresponding field.
10. If you are using a custom domain, enter that value into the Custom Domain field (for example, if your domain is acme.my.salesforce.com, enter acme). Otherwise, leave it blank.
11. Click Save:
12. Navigate to your Salesforce Domain URL. You should see an option to log in using your Identity Provider:
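To confirm that a captured SAMLResponse matches the settings entered above (plaintext assertion, username in the Subject NameID, Audience equal to the Entity ID), the following check can be used. It is an added example, not Okta's or Salesforce's code; the function names, the sample response and the issuer placeholder are constructed for illustration, and it inspects fields only without validating the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_entity_id(custom_domain=""):
    """Entity ID from the setup steps: pass the domain prefix (e.g. 'acme') or leave blank."""
    if custom_domain:
        return f"https://{custom_domain}.my.salesforce.com"
    return "https://saml.salesforce.com"

def check_response(saml_response_b64, issuer, custom_domain=""):
    """Return a list of mismatches between a SAMLResponse and the configured settings."""
    # For responses from untrusted sources, use a hardened XML parser (e.g. defusedxml).
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.find("a:EncryptedAssertion", NS) is not None:
        problems.append("assertion is encrypted, but 'Assertion not encrypted' is selected")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion element found"]
    got_issuer = (assertion.findtext("a:Issuer", "", NS) or "").strip()
    if got_issuer != issuer:
        problems.append(f"Issuer {got_issuer!r} != configured {issuer!r}")
    name_id = (assertion.findtext("a:Subject/a:NameID", "", NS) or "").strip()
    if not name_id:
        problems.append("Subject has no NameID (expected the Salesforce username)")
    audiences = [a.text.strip() for a in assertion.iterfind(
        "a:Conditions/a:AudienceRestriction/a:Audience", NS) if a.text]
    want = expected_entity_id(custom_domain)
    if want not in audiences:
        problems.append(f"Audience {audiences} does not include Entity ID {want!r}")
    return problems

# Constructed sample; the issuer is a placeholder, not a real Okta-generated value.
SAMPLE_ISSUER = "http://idp.example/PLACEHOLDER_ISSUER"
SAMPLE = base64.b64encode(f"""<samlp:Response xmlns:samlp="{NS['p']}" xmlns:saml="{NS['a']}">
<saml:Assertion><saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
<saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>https://saml.salesforce.com</saml:Audience>
</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>""".encode()).decode()

if __name__ == "__main__":
    print(check_response(SAMPLE, SAMPLE_ISSUER))          # no custom domain configured
    print(check_response(SAMPLE, SAMPLE_ISSUER, "acme"))  # custom domain 'acme' configured
```

An empty list means the response agrees with the configured Issuer and Entity ID; any entry names the setting to recheck in the Single Sign-On Settings form.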