Okta

How to Configure SAML 2.0 for LiquidPlanner


SSO is available to LiquidPlanner customers on the Enterprise plan only. Contact LiquidPlanner at https://www.liquidplanner.com/contact/ for details.

  1. Login to your LiquidPlanner account as a workspace owner.

  2. Click on your profile picture.

  3. Select Settings > Single Sign-On Configuration.

  4. In the Single Sign-On Configuration section, enter the following (see screen shot at end of step for reference):

    • SAML Identity Provider Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Remote Login URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Make a copy of the last part of the following Entity ID value.

      For example if your Entity ID is https://app.liquidplanner.com/0000, you need to save the 0000 value).

    • Click Save.

    “liquidplanner-new1.png"

  5. In Okta, select the General tab for the LiquidPlanner SAML app.

    • Click Edit.

    • Enter the portion of the Entity ID you saved (see step 4 above) into the Company ID field.

    • Click Save.

    “liquidplanner2.png"

  6. Back in LiquidPlanner, locate the Test Your Configuration section and click the Test Login button:

    “liquidplanner3.png"

  7. Wait for a Your test was successful. You can enable SSO for your space message to appear.

  8. Click the Enable SSO link.

    “liquidplanner4.png"

  9. In the Enable SSO section:

    • Click Yes.

    • Click Save.

    “liquidplanner5.png"

  10. In the Member Setup section:

    • Under Enable SSO for All Members:

      • Select Yes if you need all workspace members and portal guests to be required to use SAML 2.0 to authenticate.

      • Select No if you need to configure which members will be required to use SAML 2.0 and which will use an email address and password stored in LiquidPlanner to login.

    • Under Under Enable SSO for All New Members by Default:

      • Select Yes if you need all new members and portal guests added to your workspace to be required to use SAML 2.0 to authenticate.

      • Select No if your members must use an email address and password stored in LiquidPlanner to login.

    • Under SSO Requirement for Individual Members:

      • To move specific members into SSO Enabled, select them from the SSO Disabled box and click the >> button. Alternatively click the Move All => button to move everyone at once.

    • Click Save:

    “liquidplanner6.png"

  11. Done!

    Notes:

    IdP-initiated flows and SP-initiated flows are supported.

    Just In Time (JIT) Provisioning is not supported.




For SP-initiated flows

Main Flow:

  1. Open LiquidPlanner login page: https://app.liquidplanner.com/login.

  2. Enter your email in the Business Email field.

  3. Click the Sign In button.

    “liquidplanner7.png"


Alternative Flow: