The following is a generic guide for setting up SSO through Okta as a SAML application. Your exact setup may differ depending on your version of Okta and desired setup.

SAML application setup

Gr4vy supports various configurations for Okta. The following is an example of an Okta setup.

  1. Log into your Okta dashboard
  2. Head over to Applications -> Applications in the left-hand sidebar
  3. Click the Create App Integration button
  4. Select SAML 2.0 in the menu
  5. Fill in the General Settings with any values
  6. On the Configure SAML step fill in the following
    • Single sign-on URL: https://auth.gr4vy.com/login/callback?connection={gr4vy_id}-saml&organization={gr4vy_id} where gr4vy_id unique ID of your instance. In some cases this ID may be slightly different when we set it up.
    • Audience URI (SP Entity ID): urn:auth0:gr4vy:{gr4vy_id}-saml
    • Add the following Attribute Statements with an Unspecified name format
      • name -> user.displayName
      • email -> user.email
      • gr4vy_roles -> user.gr4vy_roles
      • gr4vy_environments -> user.gr4vy_environments
  7. Finish the application setup

The exact value of the profile attribute mapping may depend on your setup.

Before continuing, please ensure our team has set up the application for you. Please reach out to our support team to get this enabled

Users access

Once an application is set up, it’s important to make sure the right users have access to the application. This is something that can be configured on the user profile, through a group, or through app properties. In either setup, it’s important to apply the following profile properties to the intended users.

Profile properties

With the steps above the connection should work but no roles or environments are assigned to any user. By default, users are restricted to the analyst role in the sandbox environment. To set this up properly, we recommend you add two new custom variables to all profiles.

Roles

The gr4vy_roles property is used to control the roles a user has. This needs to be an array with the following values. If not set this defaults to analyst.

  • analyst
  • administrator
  • customer-support
  • pii-viewer
  • system-manager
  • system-support
  • user-manager
  • report-manager
  • report-viewer

Environments

The gr4vy_environments property is used to control the environments a user has access to. This needs to be an array with one or more of the following values. If not set this defaults to sandbox.

  • production
  • sandbox