Skip to main content

SSO Okta Express Config

The fastest and easiest way to set up SSO for Okta customers using the direct integration

Written by Mikhail Dubov
Updated today

This article describes how to set up SSO with Okta that is fast and secure. The feature includes:

  • Service Provider (SP)-Initiated Authentication (SSO) Flow: The authentication flow occurs when the user logs in to Chattermill

  • Just-In-Time (JIT) Provisioning: Users are automatically created on their first login. Email and name attributes are provisioned.

  • Universal Logout: When enabled, Okta can terminate user sessions and tokens when risk is detected or when an admin initiates logout.

Just-in-time (JIT) provisioning

With JIT provisioning, users are automatically created in Chattermill when they first sign in via Okta.

  • When a user authenticates via Okta for the first time, a new user account is automatically created with the email and name from Okta.

  • The user is granted access to Chattermill immediately.

Your Chattermill Customer Success Manager can help you select the list of project to auto-provision access to by default.

Prerequisites

  • Okta admin rights to configure the setup.

Step 1: Add Chattermill application in Okta

  1. In Okta, go to Applications > Browse App Catalog.

  2. Search for Chattermill and click Add Integration.

  3. Click Done.

Step 2: Express configure SSO

  1. In the newly created Chattermill application, click the Sign On tab.

  2. Click Express Configure & Universal UL.

  3. Select the organization you want to set up with Okta SSO.

  4. When prompted for credentials, select your existing Chattermill account if you have one, use Google authentication or reach out to sour support to activate domain discovery for you.

  5. In the next screen, approve the connection with Chattermill to complete the setup.

Step 3: Notify Chattermill

Message the Chattermill Support team either on the in-app chat or via [email protected] to notify us that you have set up the Okta integration. Please include:

  • Domains you would like to cover

  • The organization you have chosen in step 2 (no worries if you do not know this, we should be able to figure it out from the domain.

We will reply to confirm domain discovery has been activated and the integration is now ready to use.

You can now invite and manage users via Okta.

Universal logout

Universal Logout is enabled by default. With this feature Okta admins can terminate user sessions across all applications. The feature ensures that when a user is logged out of Okta, they are also logged out of Chattermill. Universal logout is triggered when:

  • An administrator initiates a logout from the Okta Admin Console.

  • The Okta system detects risk and terminates sessions for security.

Troubleshooting

If you need help, reach out to Chattermill Support.

Did this answer your question?