TimeRewards supports the OIDC and SAML 2.0 protocols to implement SSO with Okta
OIDC Instructions
Supported features
- Single Sign-On (OpenID Connect) initiated via Okta (IDP initiated SSO)
- Single Sign-On (OpenID Connect) initiated via TimeRewards (SP initiated SSO)
Requirements
- Install the TimeRewards application in your Okta instance
- If you haven't already, sign up and create a TimeRewards account (https://www.timerewards.com)
- Make sure that the employees are already set up in TimeRewards and that their email addresses exactly match their Okta accounts
- Complete the steps below to set everything up
IDP initiated SSO
Add TimeRewards to Okta
- Log in to your organization’s Okta tenant
- Navigate to Applications > Applications > Browse App Catalog, search for TimeRewards, select it from the search results, and then click Add Integration
- Enter TimeRewards as Application Label in General Settings. This is the name under which the TimeRewards app will appear in your Okta dashboard.
- Click Next
- Select OpenID Connect as the sign-on method
- Enter the Customer ID; use your Okta subdomain here
- Click on Done
Gather information from Okta
- In the Okta admin page, click on the TimeRewards application and then navigate to the Sign On tab
- Copy the value of Client ID
- Copy the value of Client secret (click the eye button to toggle the visibility)
- Copy the value of Customer ID
- Send this information to support@timerewards.com
SP-initiated SSO
SAML Instructions
Supported features
- SP-initiated SSO
- Simulating an IDP-initiated flow
Requirements
- Install the TimeRewards application in your Okta instance
- If you haven't already, sign up and create a TimeRewards account (https://www.timerewards.com)
- Make sure that the employees are already set up in TimeRewards and that their email addresses exactly match their Okta accounts
- Complete the steps below to set everything up
Add TimeRewards to Okta
- Log in to your organization’s Okta tenant
- Navigate to Applications > Applications > Browse App Catalog, search for TimeRewards, select it from the search results, and then click Add Integration
- Enter TimeRewards as Application Label in General Settings. This is the name under which the TimeRewards app will appear in your Okta dashboard.
- Click Next
- Select SAML 2.0 as the sign-on method
- Copy the Metadata URL and email it to support@timerewards.com
Simulating an IDP-initiated flow
- Since the application only supports an SP-initiated flow, you can simulate an IDP-initiated flow with the Bookmark sign-on method.
- In Okta, add another TimeRewards app and follow the steps below
- SIGN ON METHODS: select Bookmark-only
- Login URL: enter your Login URL provided by support
- Click Done
- Now you can hide the chiclet of the original app from users. Go to the General tab and check Do not display application icon to users.
- Assign users to this Bookmark
Your Login URL will look like this:
Replace identity_provider (OKTA in the above example) with the value provided by your support rep.