Skip to main content

Okta – SSO Configuration Instructions

Sam Abello avatar
Written by Sam Abello
Updated this week

Overview

Single Sign-On (SSO) is the ability for users to authenticate with a Service Provider (Grayscale) through an Identity Provider instead of directly with a username and password. SSO allows Organizations to centrally manage user access and streamline new user onboarding as well as de-provisioning.

Notes:

An Okta user with administrative access will need to complete these tasks.

A secret SCIM token/password, which will be provided by your Grayscale customer success manager after they have received your SAML configuration details.

Configuration

Step 1 – Install the Grayscale Integration and configure SAML

From your Okta Admin portal, choose “Applications”, “Browse Application Catalog”, and search for “Grayscale” to locate the Grayscale Integration.

  1. Click the Add Integration button.

  2. Make any optional changes and click Done.

  3. Click on the Sign On tab and then View Saml Setup Instructions:

  4. Follow the “Configuration Steps” and send the metadata file to your Grayscale representative.

Wait!

Please wait on configuring credentials until your Grayscale Implementation Manager has completed SSO enablement for your account. They will email you when they’re ready for you to proceed. They will also send a username and password to your Okta admin, which will be required to complete user provisioning setup.

Step 2 – Configure Credentials

From the “Provisioning” tab of the Grayscale application:

  1. Click the Configure API Integration button.

  2. Check Enable API Integration.

  3. Enter the username and password credentials provided by your account representative.

  4. Click Test API Credentials to ensure everything is working as expected.

  5. Click Save.

Step 3 – Enable User Provisioning

Under the “provisioning” tab:

  1. Choose To App on the left hand side.

  2. Enable all three checkboxes (Create Users, Update User Attributes, and Deactivate Users).

  3. Click Save.

Step 4 – Assign Users to the Application

Once provisioning is complete, you can now assign users or groups to the Grayscale application.

Troubleshooting and Tips

  • The default Grayscale session timeout is 30 minutes. Your account representative can increase this to up to 8 hours for you on request..

  • All user profile fields in Grayscale are not editable once SSO is enabled. Only the user’s role (Admin or Pro) can be modified in the application.

  • Users will not be able to use Grayscale's iOS and Android apps. SSO support for these apps is still in development. In the meantime, users who require mobile access can log into Grayscale on their phone's web browser.

If you run into any issues or have questions, please feel free to contact your Customer Success Manager or support@grayscaleapp.com.

Related Articles
Single Sign On Implementation Considerations
Using SSO On Your Mobile Device
SSO User Management
SAP SuccessFactors Integration Instructions – Onboarding
Azure AD / Entra AD – SSO Configuration Instructions
Did this answer your question?