Okta

How to Configure SAML 2.0 for EmployeeReferrals.com


Read this before you enable SAML

Enabling SAML will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service.

Backup URL

EmployeeReferrals.com does not provide backup log-in URL where users can sign-in using their normal username and password. You can contact EmployeeReferrals.com support to turn off SAML, if necessary.

Contents

Supported Features

The Okta/EmployeeReferrals.com SAML integration currently supports the following features:

Configuration Steps

  1. Log into EmployeeReferrals.com as an administrator.

  2. Switch to the Admin View mode:

    employeereferrals_new1.png

  3. Navigate to Settings > Single Sign-On and enter the following information (see screenshot at end of step for reference):

    • Check the Register SSO Users box to enable Just In Time (JIT) provisioning.

    • SAML Metadata URL: Copy and paste the following:

      Sign into the Okta Admin dashboard to generate this value.

    • SSO URL: Copy and paste the following:

      Sign into the Okta Admin dashboard to generate this value.

    • Check the Register SSO Users box.

    employeereferrals_new2.png

  4. Select Update Company Info.

  5. Done!

Notes

The following SAML attributes are supported:

emailAddress attribute value

  1. In Okta, select the Sign On tab for the EmployeeReferrals.com app, then click Edit.

  2. Scroll down to the ADVANCED SIGN-ON SETTINGS section.

  3. Select a required value for the emailAddress attribute from the dropdown list:

    referrals_new1.png

  4. Click Save.

startDate attribute value

In order to add the startDate attribute, perform the following steps:

  1. In Okta, navigate to Directory > Profile Editor.

  2. Search for the EmployeeReferrals.com app, then click Profile.

    employeereferrals_new4.png

  3. Click Add Attribute, then enter the following:

    • Display Name: enter the Start date value.

    • Variable Name: enter the startDate value.

    • Click Add Attribute.

      • Note: Scope (optional): If you check user personal, the startDate attribute will be available once you assign the user to the EmployeeReferrals.com app and will not be available once you assign the group to the app.

    employeereferrals_new5.png

  4. Click Map Attributes:

    employeereferrals_new6.png

  5. Select the Okta to EmployeeReferrals.com tab, then do the following:

    • Start typing the required attribute from the Okta base user profile (or use the dropdown list) and select the attributes you want to map.

    • In our example, we selected the hireDate custom user attribute, then the green arrows (Apply mapping on user create and update).

    • Click Save Mappings.

    employeereferrals_new7.png

  6. Click Apply updates now:

    employeereferrals_new8.png

  7. Now Okta will pass startDate attribute with the value of the hireDate custom field from the Okta base user profile.

SP-initiated SSO

Go to https://[YourSubDomain].employeereferrals.com, then click on LOG IN: