Follow the instructions below to allow your users to sign into Email Experiences with Okta.
In Okta’s admin portal, create an app for Email Experiences.
In the sign-on settings, do the following:
- Make sure that the Single sign on URL field points to: https://app.sigstr.com/saml/callback
- Check the box for Use this for Recipient URL and Destination URL.
- Make sure the NameID Format is EmailAddress.
- Create an attribute statement of Email with value user:email.
In the Configure SAML step, click "Show Advanced Settings" in the bottom right corner. Ensure that 'Authentication context class' is set to X.509 Certificate.
On the right-hand side of the page, click 'Download Okta Certificate' and send the file to firstname.lastname@example.org requesting SAML SSO.
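Before sending the certificate, the sign-on settings above can be checked against a SAML response captured from a test login. The following is an added example, not code from Terminus or Okta: the sample response and user are constructed, the URNs are the standard SAML identifiers for the EmailAddress NameID format and the X.509 authentication context, and the check covers configuration only (it does not validate the signature).

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS = "https://app.sigstr.com/saml/callback"  # Single sign on URL from the steps above
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
X509_CTX = "urn:oasis:names:tc:SAML:2.0:ac:classes:X509"

# Constructed sample response (unsigned, placeholder user); NameID format is wrong on purpose.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://app.sigstr.com/saml/callback">
 <a:Assertion>
  <a:Subject>
   <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData
     Recipient="https://app.sigstr.com/saml/callback"/></a:SubjectConfirmation>
  </a:Subject>
  <a:AuthnStatement><a:AuthnContext><a:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:X509</a:AuthnContextClassRef></a:AuthnContext></a:AuthnStatement>
  <a:AttributeStatement><a:Attribute Name="Email">
   <a:AttributeValue>jdoe@example.org</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

def check_response(xml_text):
    """Return the names of the settings that differ from the ones listed above."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS:
        problems.append("Destination URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS:
        problems.append("Recipient URL")
    name_id = root.find(".//a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID Format")
    ctx = root.find(".//a:AuthnContextClassRef", NS)
    if ctx is None or (ctx.text or "").strip() != X509_CTX:
        problems.append("Authentication context class")
    emails = root.findall(".//a:Attribute[@Name='Email']/a:AttributeValue", NS)
    if not any((e.text or "").strip() for e in emails):
        problems.append("Email attribute statement")
    return problems

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

An empty list means the response matches every setting in the list above; run it only on responses from your own test logins, since the standard-library XML parser is not hardened against hostile input.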
Can we prevent users from logging in to Email Experiences with a username and password, so that they can only log in via SAML or O365?
Yes, if this is a requirement for your business, please contact support through the Terminus Support Portal to enable this feature. If a user attempts to log in with any method other than SAML, Email Experiences will reject the login and instruct the user to use their identity provider.
Does signing in from Okta create a new user?
Yes and no. If the user already exists in Email Experiences, they can be assigned Email Experiences in Okta and will be able to log in to the app to edit their profile. If that user does not exist yet in Email Experiences, signing into Email Experiences will create the user without any signature fields.
If new users are created in Email Experiences from Okta, will the fields from their Okta profiles sync to Email Experiences?
No. At this time, we do not map fields from Okta to Email Experiences. Users would need to fill in their missing signature data upon logging into Email Experiences. Alternatively, if your company is using the Employee Automation API, users would just need to wait for the data to be pulled automatically.
What if a user signs in with an alternate email from Okta?
Users who sign in from Okta with an alternate email address will have a new user automatically created within Email Experiences. Okta currently does not have the capacity to recognize our primary_email and alternate_email. If any user exists in Okta and needs to sign into Email Experiences, you will want to ensure that his/her primary email address in Okta matches his/her primary email address in Email Experiences.