How to enable Tines single sign-on (SSO) via SAML with Okta

Learn how to set up non-JIT SSO via SAML in Tines with Okta.

Written by Angela Ruhstorfer
Updated this week

Overview

Tines supports SSO so that your users can sign into your Tines tenant with their existing account via your external identity provider. In this article, we cover how to specifically set up non-JIT SSO between Tines and the popular identity provider, Okta.

Note: SSO only enables users to sign in, not sign up. Users must already have accounts in the Tines tenant to gain access, unless just-in-time (JIT) provisioning is enabled.

Tines references

Before getting started, we recommend familiarizing yourself with the surrounding functionality this article covers:

Tines Tip: We recommend performing this configuration in one browser window and testing it in a separate private window or a different browser. That way, if there's any issue in the configuration, an active session to Tines will still be available to fix errors or roll back changes.

Make it happen

Create an Okta application for Tines

Tines Tip: Do not use the Tines app within Okta's App Catalog. You will need to create a custom app in Okta following the steps below.

  1. Sign into your Okta environment as an administrator.

  2. Navigate to the Applications menu → Applications → Create App Integration:

  3. In the Create a new app integration pop-up window that appears, select SAML 2.0, then Next:

  4. In the General Settings step, enter "Tines" (or something else meaningful) as the App name. Optionally, you can also add the Tines icon as the App logo. Then, click Next:

  5. In the Configure SAML step, set the following parameters; the remaining fields can be left blank or default (see screenshot below for an example):

    1. Single sign-on URL: https://<your-tines-tenant-domain>/users/saml/auth (leave the Use this for Recipient URL and Destination URL option checked)

    2. Audience URI (SP Entity ID): https://<your-tines-tenant-domain>/users/saml/metadata

    3. Name ID format: EmailAddress

    4. Application username: Email

  6. Optionally, you can click the Preview the SAML Assertion option to confirm the information you've entered is correct. Otherwise, scroll down and click Next.

  7. The Feedback step is optional and can be skipped; click Finish. This finalizes the creation of your new Tines app in Okta.

  8. Within the Assignments tab, add the People and/or Groups that you want to have access to Tines. Note: If you do not have JIT enabled in Tines, make sure that these users have an existing account in both Tines and Okta with matching email addresses:

  9. Navigate to the Sign On tab → in the right panel, under SAML Setup, click View SAML setup instructions.

  10. Copy and save the following values locally; they are used in the Tines configuration:

    1. Identity Provider Single Sign-On URL

    2. X.509 Certificate (including the BEGIN CERTIFICATE and END CERTIFICATE lines)

Configure the authentication settings in Tines

  1. Sign into your Tines tenant as a tenant owner.

  2. Navigate to the tenant owner menu → Settings → Access & security → Authentication.

  3. In the Authentication settings pop-up window, set the following parameters:

    1. Authentication type: Single sign on (SSO) via SAML

    2. SAML identity provider URL: Your Okta app's Identity Provider Single Sign-On URL

    3. SAML identity provider public certificate: Your Okta app's X.509 Certificate (including the BEGIN CERTIFICATE and END CERTIFICATE lines)

  4. Review that the information is correct, then click Save.
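
A pre-flight check for the values exchanged in the steps above can catch the usual copy errors (a certificate pasted without its marker lines, a truncated body, a non-HTTPS URL) before you click Save. This Python sketch is an added example, not Tines or Okta code; the function names, the `tenant.example.com` and `idp.example.com` hostnames, and the sample certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import re
from urllib.parse import urlsplit

# The pasted certificate must keep both marker lines around the base64 body.
PEM_RE = re.compile(r"\A-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)"
                    r"\s*-----END CERTIFICATE-----\Z")

def okta_sp_values(tenant_domain):
    """Values for Okta's Configure SAML step, built from the tenant domain."""
    base = f"https://{tenant_domain}/users/saml"
    return {"single_sign_on_url": f"{base}/auth",
            "audience_uri": f"{base}/metadata"}

def check_idp_values(idp_sso_url, cert_pem):
    """Return (problems, sha256_fingerprint) for the values copied from Okta."""
    problems = []
    url = urlsplit(idp_sso_url.strip())
    if url.scheme != "https" or not url.hostname:
        problems.append("IdP SSO URL is not an absolute https:// URL")
    match = PEM_RE.match(cert_pem.strip())
    if not match:
        problems.append("certificate lacks the BEGIN/END CERTIFICATE lines")
        return problems, None
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:  # binascii.Error: truncated or altered body
        problems.append("certificate body is not valid base64")
        return problems, None
    if not der.startswith(b"\x30"):  # an X.509 certificate is a DER SEQUENCE
        problems.append("decoded certificate does not start with a DER SEQUENCE")
    digest = hashlib.sha256(der).hexdigest().upper()
    return problems, ":".join(digest[i:i + 2] for i in range(0, 64, 2))

# Constructed sample input: placeholder bytes, not a real certificate.
SAMPLE_DER = b"\x30\x0c" + b"constructed!"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(okta_sp_values("tenant.example.com"))
    print(check_idp_values("https://idp.example.com/sso/saml", SAMPLE_PEM))
```

The returned SHA-256 fingerprint gives you a short value to compare against the certificate copy you saved from Okta, so you can confirm the text pasted into Tines is the same certificate.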

Review the results

Now, when your end-users access their Okta dashboards, they can click on the Tines app, utilizing SSO to log into your Tines tenant:
