Okta

How to Configure SAML 2.0 for Tehama


Read this before you enable SAML

Enabling SAML will affect all users who use this application: they will no longer be able to sign in through their regular login page and will only be able to access the app through the Okta service.

Backup URL

Tehama provides the following backup login URL where administrators can sign in using their normal username and password: https://[subDomain].tehama.io/login/organizationadminlogin, where [subDomain] is your Tehama subdomain value.


Supported Features

The Okta/Tehama SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.


Configuration Steps

  1. Log in to your Tehama instance as an administrator.

  2. Navigate to Account > Organization > AUTHENTICATION.

  3. Check Enable SAML Single-Sign on.

  4. Federation Metadata XML: Copy and paste the following:

    Sign in to Okta Admin app to have this variable generated for you.

    tehama1.png

    The next steps are optional and related to JIT (Just In Time) Provisioning.

  5. Check Enable User Provisioning.

  6. Set the following mapping:

  7. NOTES:

  8. Click Save.

    tehama2.png

  9. Done!


Notes

SP-initiated SSO

  1. Open your organization login URL: https://[subDomain].tehama.io/.

  2. Click SIGN IN WITH OKTA.

    tehama9.png


Adding Custom Attributes

Here is an example describing how to add and use the additional title attribute:

  1. In Okta, navigate to Directory > Profile Editor.

  2. Search for the Tehama app, then click Profile:

    tehama3.png

  3. Click Add Attribute, then enter the following:

    • Display Name: Enter a preferred attribute name. In our example we used Title.

    • Variable Name: title.

      Important: In our example we are adding the title attribute. You must use the following display / variable names (case-sensitive) for the custom attributes:

        Display name        Variable Name
        Tehama Org Role     orgRole
        Initial Room IDs    roomIds
        Primary phone       primaryPhone
        Avatar              avatar
        Title               title
        Country code        country
        Street address      streetAddress
        Postal Code         postalCode
        Locality            locality
        Region              region
        Citizenship         citizenship

      The Tehama Org Role attribute accepts one of two values: MANAGER or STAFF. Use the following configuration for the attribute:

      tehama4.png

    • Click either Add Attribute or Save and Add Another.

    • Scope (optional): If you check User personal, the attribute is available only when you assign the user directly to the Tehama app; it is not available when you assign a Group to the Tehama app:

      tehama5.png

  4. Click Map Attributes:

    tehama6.png

  5. Select the Okta to Tehama tab.

  6. Start typing the required attribute from the Okta Base User profile (or use the drop-down list) and select the attributes you want to map.

  7. In our example, we selected the title attribute and then used the green arrows (Apply mapping on user create and update).

  8. Click Save Mappings:

    tehama7.png

  9. Click Apply updates now:

    tehama8.png

  10. Done!

  11. Okta will now pass the title SAML attribute with the value of the title field from the Okta Base User Profile.
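As an added example (not part of this guide or of Tehama's or Okta's own code), the check below parses the AttributeStatement of a SAML assertion and verifies that the attribute names match the case-sensitive variable names in the table above and that orgRole carries MANAGER or STAFF; a mis-cased name such as OrgRole is the typical mapping mistake it catches. The sample assertion is constructed for illustration, the exact shape of the assertion Tehama receives is an assumption, and the check inspects attribute content only: in a real service provider the assertion's signature must be verified before any attribute is trusted.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Case-sensitive variable names from the Tehama custom attribute table.
TEHAMA_ATTRIBUTES = {
    "orgRole", "roomIds", "primaryPhone", "avatar", "title", "country",
    "streetAddress", "postalCode", "locality", "region", "citizenship",
}
ORG_ROLE_VALUES = {"MANAGER", "STAFF"}

# Constructed sample assertion (signature omitted). The attribute names come
# from the guide; the surrounding structure is an assumption for illustration.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="title"><saml:AttributeValue>Analyst</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="orgRole"><saml:AttributeValue>STAFF</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="roomIds">
      <saml:AttributeValue>room-1</saml:AttributeValue>
      <saml:AttributeValue>room-2</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="OrgRole"><saml:AttributeValue>MANAGER</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def extract_attributes(assertion_xml):
    """Return {attribute name: [values]} from the assertion's AttributeStatement."""
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", SAML_NS)]
        attrs[attr.get("Name")] = values
    return attrs


def check_attributes(attrs):
    """Return a list of problems; an empty list means the mapping looks right."""
    problems = []
    for name, values in attrs.items():
        if name not in TEHAMA_ATTRIBUTES:
            # Flag a case-only mismatch separately: the names are case-sensitive.
            hint = [t for t in TEHAMA_ATTRIBUTES if t.lower() == name.lower()]
            suggestion = f" (did you mean {hint[0]!r}?)" if hint else ""
            problems.append(f"unknown attribute {name!r}{suggestion}")
        if name == "orgRole" and any(v not in ORG_ROLE_VALUES for v in values):
            problems.append(f"orgRole must be MANAGER or STAFF, got {values}")
    return problems
```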