This guide is for users looking to configure their Okta identity provider with HandsHQ to enable SAML Single sign-on.
This is a brief overview of how to configure the setup. Please refer to the Okta Help Centre for more information on how to use this service.
Add the HandsHQ app to Okta
To connect HandsHQ and Okta, you will first need to add the HandsHQ app to your Okta account.
Log in to your Okta account and head to the Applications page.
Select Create App Integration from the options.
Choose SAML 2.0 ⇒ Next
Add and app name HandsHQ ⇒ Next
Set up SAML SSO
Enable SSO in HandsHQ
Next, you'll need to set up SAML SSO in Settings ⇒ Single Sign-on.
Open HandsHQ
Select Settings at the top of the screen.
In the Single Sign-on section, click Enable SAML SSO.
Set up HandsHQ in Okta
Still in HandsHQ, scroll down and change "Identity provider" to Okta
Copy Service provider single sign-on URL
Return to Okta and paste it into the Single sign-on URL field
Go back to HandsHQ and copy Service provider metadata URL
Return to Okta and paste it into the Audience URI (SP Entity ID) field
Leave the default settings for the rest of the fields
Overview of information to copy from HandsHQ into Okta:
Field to copy from HandsHQ | Paste into equivalent Okta field |
Service provider single sign-on URL | Single sign-on URL |
Service provider metadata URL | Audience URI (SP Entity ID) |
Leave the default settings for the rest of the fields as per the screenshot below.
Enable just-in-time provisioning
To enable Just-in-time provisioning in Okta:
Go to Attribute statements
Add the following attributes (see image)
Click Next and then Finish
Set up Okta in HandsHQ
In Okta, go to the Sign On tab, scroll down and click on View SAML setup instructions
Copy Identity Provider single sign-on URL
Go back to HandsHQ and paste it into Identity provider single sign-on URL field
Return to Okta and copy the Certificate (don’t copy Begin certificate and End certificate text)
Go back to HandsHQ and paste it into the Identity provider certificate field ⇒ Save changes
Set up users in Okta
Now return to Okta, go to Directory => People and assign users to the HandsHQ app
Field to copy from Okta | Paste into equivalent field in HandsHQ |
Identity Provider single sign-on URL | Identity provider single sign-on URL |
Certificate (don’t copy Begin certificate and End certificate text) | Identity provider certificate |
You’re all set, users can now log into HandsHQ using Single Sign-on.
💡 Please note, you will need to also give users permission to access divisions in HandsHQ. You can do so either through HandsHQ Setting ⇒ Users or via email you’ll receive.