Setting up SSO with Okta
Companies and universities can use Okta to set up Single Sign-On (SSO) with Tower’s Customer Portal.
Requirements for setting up SSO:
- The subscription must be on either the Enterprise or University plan.
- The user must be owner of the organization.
Retrieve SSO configuration values from Tower Customer Portal
- Open Tower Customer Portal and sign in.
- In the navigation sidebar, click “Account”.
- In the “Organizations” section, click “Edit” for the organization you want to set up SSO for.
- A form with SSO configuration options will appear. Keep this page open because you will need to use “SSO callback URL” and “Issuer” values when configuring Okta.
Create a new app in Okta for authentication with Tower
- In a new browser tab, sign in to Okta.
- Open navigation side bar (click “☰” symbol) and navigate to “Applications”.
- Click “Create App Integration” button.
- Select “SAML 2.0” option and click “Next”.
- In “App Name” field type “Tower” and click “Next”.
- In the “SAML Settings” section:
  - Find the “Single sign on URL” field in Okta and paste the value of the “SSO callback URL” field from Tower Customer Portal.
  - Find the “Audience URI (SP Entity ID)” field in Okta and paste the value of the “Issuer” field from Tower Customer Portal.
  - Leave other settings as is or configure them for your own needs.
- Click “Next” button.
- If asked “Are you a customer or partner?” select “I’m an Okta customer adding an internal app” and click “Finish”.
- On the newly created Tower app’s page in Okta, select the “Sign On” tab. Under the “SAML Signing Certificates” section on the right side, click the “View SAML setup instructions” button.
- A new tab with instructions will open. Keep the new tab open because the “Identity Provider Single Sign-On URL” and “X.509 Certificate” will be required to finish SSO configuration in Tower Customer Portal.
Add Okta specific configuration to Tower Customer Portal
- Return to the “Edit Organization” form you left open in Tower Customer Portal.
- Find “Target URL” field in Tower Customer Portal and paste “Identity Provider Single Sign-On URL” value from Okta’s SAML Setup Instructions page.
- Find “Identity provider’s certificate” field in Tower Customer Portal and paste “X.509 Certificate” value from Okta’s SAML Setup Instructions page.
- Finally, click the “Update Organization” button.
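The steps above copy four values between Tower Customer Portal and Okta. The following Python check is an added example, not code from Tower or Okta: it compares each value with the field it was pasted into and verifies that the pasted certificate is a complete PEM block. The dictionary layout, the HTTPS requirement and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import re

# (value one side shows, field it is pasted into on the other side), per the steps above.
PAIRS = [("SSO callback URL", "Single sign on URL"),
         ("Issuer", "Audience URI (SP Entity ID)"),
         ("Identity Provider Single Sign-On URL", "Target URL"),
         ("X.509 Certificate", "Identity provider's certificate")]
URL_FIELDS = ("SSO callback URL", "Identity Provider Single Sign-On URL")
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(pem_text):
    """Return the SHA-256 fingerprint of a PEM certificate, or raise ValueError."""
    match = PEM_RE.search(pem_text)
    if not match:
        raise ValueError("missing BEGIN/END CERTIFICATE markers")
    # validate=True rejects stray characters (binascii.Error is a ValueError).
    der = base64.b64decode("".join(match.group(1).split()), validate=True)
    # Outer DER element: a SEQUENCE (0x30) whose declared length spans the whole blob.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    n = der[1] & 0x7F if der[1] & 0x80 else 0  # long-form length byte count
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    if 2 + n + length != len(der):
        raise ValueError("truncated or padded certificate")
    return hashlib.sha256(der).hexdigest()

def preflight(shown, entered):
    """Compare values one side shows with what was entered on the other side."""
    problems = []
    for src, dst in PAIRS:
        a, b = shown.get(src, ""), entered.get(dst, "")
        if "".join(a.split()) != "".join(b.split()):  # ignore line wraps
            problems.append(f"{dst} does not match {src}")
    for field in URL_FIELDS:
        if not re.match(r"https://[^/\s?#]+", shown.get(field, "")):  # assumes HTTPS
            problems.append(f"{field}: expected an absolute https:// URL")
    try:
        cert_fingerprint(entered.get("Identity provider's certificate", ""))
    except ValueError as exc:
        problems.append(f"certificate: {exc}")
    return problems

# Constructed sample values; the certificate is a 5-byte DER stand-in, not a real one.
SAMPLE_SHOWN = {"SSO callback URL": "https://sp.example.com/sso/callback",
                "Issuer": "https://sp.example.com/sso/metadata",
                "Identity Provider Single Sign-On URL": "https://idp.example.com/sso/saml",
                "X.509 Certificate": "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"}
SAMPLE_ENTERED = {dst: SAMPLE_SHOWN[src] for src, dst in PAIRS}
```

An empty list from `preflight` means the four pairs agree. The fingerprint from `cert_fingerprint` can be recorded so that a later certificate rotation in Okta is noticed as a change.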
Add users to the Tower app in Okta
Remember to add all your organization’s users that need access to Tower to the newly created Tower app in Okta. These users will then be able to authenticate in Tower Customer Portal using SSO and activate the Tower app using the “Activate Tower App” button in Tower Customer Portal’s Dashboard or the License Key found on the “My Licenses” page in Tower Customer Portal.
Keep in mind that in order for a new user to successfully authenticate using SSO, the matching subscription needs to have at least one available seat. If all seats are used, then the user will not be able to authenticate using SSO and activate the Tower app.