Okta

How to Configure SAML 2.0 for Procore

This setup might fail without parameter values that are customized for your organization. Please use the Okta Administrator Dashboard to add an application and view the values that are specific for your organization.

Contents


Supported Features

The Okta/Procore SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Login to your Procore instance as an administrator.

  2. Navigate to TOOLBOX > Admin:

    procore_newa.png

  3. Select ADMINISTRATIVE SETTING > Single Sign On Configuration, then enter the following:

    • Single Sign On Issuer Url: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Single Sign On Target Url: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.

    • Single Sign On x509 Certificate: Copy and paste the following:

      Sign into the Okta Admin Dashboard to generate this variable.
    • Click Save Changes:

    procore_newb.png

  4. Optional: Contact Procore and ask them to configure Single Sign On Domain for the SP-initiated flows. Provide them with your email domain.

    Important: Enabling Single Sign On Domain for the SP-initiated flows will affect all users who use this application, which means that users will not be able to sign-in through their regular log-in page. They will only be able to access the app through the Okta service. Procore does not provide backup log-in URL where users can sign-in using their normal username and password. You can contact Procore support to turn off SAML, if necessary.

  5. Done!


Notes

The following SAML attributes are supported:


SP-initiated SSO

  1. Open this URL: https://login.procore.com/.

  2. Enter your Email address.

  3. Click Continue:

  4. procore_newc.png