Okta

How to Configure SAML 2.0 for LiquidPlanner


SSO is available to LiquidPlanner customers on the Enterprise plan only. Contact LiquidPlanner at https://www.liquidplanner.com/contact/ for details.


Contents

Supported Features

The Okta/LiquidPlanner SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Login to your LiquidPlanner account as a workspace owner.

  2. Click on your profile picture.

  3. Select Settings > Single Sign-On Configuration.

  4. In the Single Sign-On Configuration section, enter the following (see screen shot at end of step for reference):

    • SAML Identity Provider Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Remote Login URL: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Make a copy of the last part of the following Entity ID value.

      For example if your Entity ID is https://app.liquidplanner.com/0000, you need to save the 0000 value).

    • Click Save.

    “liquidplanner-new1.png"

  5. In Okta, select the Sign On tab for the LiquidPlanner SAML app, then click Edit

    • Scroll down to the ADVANCED SIGN-SETTINGS section.

    • Enter the portion of the Entity ID you saved (see step 4) into the Company ID field.

    • Click Save:

    Enter Entity ID into Okta -Sign On.png

  6. Back in LiquidPlanner, locate the Test Your Configuration section and click the Test Login button:

    “liquidplanner3.png"

  7. Wait for a Your test was successful. You can enable SSO for your space message to appear.

  8. Click the Enable SSO link.

    “liquidplanner4.png"

  9. In the Enable SSO section:

    • Click Yes.

    • Click Save.

    “liquidplanner5.png"

  10. In the Member Setup section:

    • Under Enable SSO for All Members:

      • Select Yes if you need all workspace members and portal guests to be required to use SAML 2.0 to authenticate.

      • Select No if you need to configure which members will be required to use SAML 2.0 and which will use an email address and password stored in LiquidPlanner to login.

    • Under Under Enable SSO for All New Members by Default:

      • Select Yes if you need all new members and portal guests added to your workspace to be required to use SAML 2.0 to authenticate.

      • Select No if your members must use an email address and password stored in LiquidPlanner to login.

    • Under SSO Requirement for Individual Members:

      • To move specific members into SSO Enabled, select them from the SSO Disabled box and click the >> button. Alternatively click the Move All => button to move everyone at once.

    • Click Save:

    “liquidplanner6.png"

  11. Done!


Notes

Make sure that you entered the correct value in the Company ID field under the Sign On tab. Using the wrong values will prevent you from authenticating via SAML to LiquidPlanner SAML.


SP-initiated SSO

Main Flow:

  1. Open LiquidPlanner login page: https://app.liquidplanner.com/login.

  2. Enter your Business Email, then click Sign In:

    go to https://app.liquidplanner.com/login, enter business email, click Sign In


Alternative Flow: