Okta Single Sign-On (SSO) integration

TimeRewards supports the OIDC and SAML 2.0 protocols for SSO with Okta.

 

OIDC Instructions

Supported features

  • Single Sign-On (OpenID Connect) initiated via Okta (IDP-initiated SSO)
  • Single Sign-On (OpenID Connect) initiated via TimeRewards (SP-initiated SSO)

 

Requirements

  1. Install the TimeRewards application in your Okta instance

  2. If you haven't already, sign up and create a TimeRewards account (https://www.timerewards.com)

  3. Make sure that the employees are already set up in TimeRewards and that their email addresses exactly match their Okta accounts

  4. Complete the steps below to set everything up

IDP initiated SSO

Add TimeRewards to Okta

  1. Log in to your organization’s Okta tenant
  2. Navigate to Applications > Applications > Browse App Catalog, search for TimeRewards, select it from the search results, and then click Add Integration
  3. Enter TimeRewards as the Application Label in General Settings. This is the name under which the TimeRewards app will appear in your Okta dashboard.
  4. Click Next
  5. Select OpenID Connect as the sign-on method
  6. Enter the Customer ID; use your Okta subdomain here
  7. Click Done

 

 

Gather information from Okta

  1. In the Okta admin page, click on the TimeRewards application and then navigate to the Sign On tab

  2. Copy the value of Client ID

  3. Copy the value of Client secret (click the eye button to toggle the visibility)

  4. Copy the value of Customer ID

  5. Send this information to support@timerewards.com

 

 

SP-initiated SSO

1. Go to the URL provided by support
2. Click on your corporate ID to log in

 

 

SAML Instructions

 

Supported features

  • SP-initiated SSO
     
  • Simulating an IDP-initiated flow

 

Requirements

  1. Install the TimeRewards application in your Okta instance

  2. If you haven't already, sign up and create a TimeRewards account (https://www.timerewards.com)

  3. Make sure that the employees are already set up in TimeRewards and that their email addresses exactly match their Okta accounts

  4. Complete the steps below to set everything up

Add TimeRewards to Okta

  1. Log in to your organization’s Okta tenant
  2. Navigate to Applications > Applications > Browse App Catalog, search for TimeRewards, select it from the search results, and then click Add Integration
  3. Enter TimeRewards as the Application Label in General Settings. This is the name under which the TimeRewards app will appear in your Okta dashboard.
  4. Click Next
  5. Select SAML 2.0 as the sign-on method
  6. Copy the Metadata URL and email it to support@timerewards.com

 

 

 

Simulating an IDP-initiated flow

  1. Since the application only supports an SP-initiated flow, you can simulate an IDP-initiated flow with the Bookmark sign-on method.
  2. In Okta, add another TimeRewards app and follow the steps below:
    • SIGN ON METHODS: select Bookmark-only
    • Login URL: enter the Login URL provided by support
    • Click Done
  3. Now you can hide the chiclet of the original app from users. Go to the General tab and check Do not display application icon to users.
  4. Assign users to this Bookmark

 

Your Login URL will look like this:

https://timerewards.auth.us-east-1.amazoncognito.com/authorize?response_type=code&identity_provider=OKTA&client_id=3ca99m4dn24r2dmt281vvgda39&state=STATE&scope=openid+email

 

Replace the identity_provider value (OKTA in the above example) with the value provided by your support rep.
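A check for the Login URL before it goes into the Bookmark app, as an added example that is not TimeRewards or Okta code: it swaps in the identity_provider value from support and verifies the parameters shown in the sample URL. The function names and the ACME-OKTA value are constructed for illustration, and the expected host and path are assumed to be those of the sample URL above.

```python
from urllib.parse import parse_qs, parse_qsl, urlencode, urlsplit, urlunsplit

# Sample Login URL from this page; client_id is the page's sample value.
TEMPLATE = ("https://timerewards.auth.us-east-1.amazoncognito.com/authorize"
            "?response_type=code&identity_provider=OKTA"
            "&client_id=3ca99m4dn24r2dmt281vvgda39&state=STATE&scope=openid+email")
# Assumption: your Login URL uses the same host and path as the sample.
EXPECTED_HOST = "timerewards.auth.us-east-1.amazoncognito.com"
EXPECTED_PATH = "/authorize"
PARAMS = ("response_type", "identity_provider", "client_id", "state", "scope")

def build_login_url(identity_provider, template=TEMPLATE):
    """Return the template with identity_provider replaced and re-encoded."""
    parts = urlsplit(template)
    pairs = [(k, identity_provider if k == "identity_provider" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def check_login_url(url, identity_provider):
    """Return a list of problems; an empty list means the URL looks right."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.hostname != EXPECTED_HOST:
        problems.append(f"unexpected host: {parts.hostname}")
    if parts.path != EXPECTED_PATH:
        problems.append(f"unexpected path: {parts.path}")
    query = parse_qs(parts.query, keep_blank_values=True)
    for name in PARAMS:
        # A repeated parameter may be read differently by different parsers.
        if len(query.get(name, [])) != 1:
            problems.append(f"{name}: expected exactly one value")
    if query.get("response_type") != ["code"]:
        problems.append("response_type is not code")
    if query.get("identity_provider") != [identity_provider]:
        problems.append("identity_provider does not match the value from support")
    # parse_qs decodes '+' to a space, so scope arrives as "openid email".
    scopes = set(" ".join(query.get("scope", [])).split())
    if not {"openid", "email"} <= scopes:
        problems.append("scope is missing openid or email")
    return problems

if __name__ == "__main__":
    idp = "ACME-OKTA"  # constructed placeholder for the value from support
    url = build_login_url(idp)
    print(url)
    print(check_login_url(url, idp) or "OK")
```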

 

 
