To log into Pyn using Okta, you must add an Okta configuration.
On this page
Retrieve your "Single Sign On URL" from Pyn
โ ๏ธ Note: You must be a Pyn Administrator or Owner to retrieve this URL.
After logging in to Pyn, click on Integrations and select Okta.
Here you will find the "Single Sign On URL" needed by your Okta administrator. The URL will appear where you see [Sample] in the image below.
Contact your Okta administrator
Provide the Single sign on URL and these instructions to your Okta administrator.
Once Okta is provisioned, the Okta administrator should provide you with a metadata URL.
Add your Okta configuration
After you have received the metadata URL, return to the Okta integration screen.
Click "Add Configuration" and enter the metadata URL.
Pyn will connect to Okta and your integration will be confirmed with an "active" message.
To log into Pyn using Okta, head to your Okta applications page. If you have been assigned Pyn in Okta, you will now see a Pyn application button. Simply press this button to be logged in to Pyn.
๐ ๏ธ Note: If you want users to only use Okta to log in, you can select the checkbox after your integration is active. Selecting this checkbox means users will no longer be able to log in using Google single sign-on.
Okta Configuration Instructions for Okta administrators
โ ๏ธ The instructions in this section are for the Classic Okta interface. They translate very similarly for the developer interface. If you encounter any issues, switch to the classic interface or contact support@pynhq.com.
Head to the Administration interface for your Okta instance and select the Applications tab. Select the "Add Application" button on the top-left.
Select "Create New App" on the top-right.
You can accept the defaults (Platform Web and SAML 2.0) and then select Create.
On the General Settings screen, enter the App name as Pyn. You can download our logo at https://www.pynhq.com/logo.png - Select the downloaded logo using "Browse" and click "Upload Logo".
Then hit "Next".
On the Configure SAML screen, you need to configure three fields:
The Single sign on URL should be set to the link supplied on the Pyn integration screen. If you do not have this link, get a Pyn administrator to look it up at https://app.pynhq.com/outbox/integrations/okta.
The Audience URI should be set to: **https://production.pynhq.com/sp**
In the Name ID format, select: EmailAddress
Once this is configured, hit "Next" at the bottom of the screen.
The last screen is "Feedback".
Select "I'm an Okta customer adding an internal app" and then Finish.
You will now see the configuration screen for the application.
The Pyn application needs the "Identity Provider metadata", which is the link in the yellow section.
Click to open the link and copy the URL from the browser. It will be something like: https://yourcompanyname.okta.com/app/asdad1213123/sso/saml/metadata
This is the URL you will provide to the Pyn administrator so they can complete the Okta configuration within Pyn.
Finally, you need to ensure users have access to this application. Click the "Assignments" tab to add users.
You can either add the application for the Everyone group, assign individuals, or any other combination.
When you are initially configuring Pyn, we recommend only adding the Pyn administrators to start.
FAQ
Q: Does the Pyn Admin Portal support JIT provisioning of new users via the Okta Integration?
A: We don't support JIT provisioning for Okta. Employees won't need to log into Pyn unless they get added to Pyn as an administrator.