Note: SSO/SAML is available in our Corporate or Enterprise plans.
Setup and Configuration
To setup your Status Hero account with SSO/SAML and Okta, you'll need to take the following steps. Right now there is still a manual step on our end, so we'll need the link from the last step along with a heads-up that you would like to enable SSO/SAML with Okta for your account.
Once we confirm that everything works, we'll disable password authentication and magic link sign-in capability completely for your account.
Here are the steps:
1. Log in to your Okta organization as a user with administrative privileges
2. Click on the blue “Admin” button
3. Click on the “Add Applications” shortcut
4. Click on the green “Create New App” button
5. In the dialog that opens, select the “SAML 2.0” option, then click the green “Create” button
6. Fill in "Status Hero" for the "App name"
7. (Optional) Upload our logo
8. Click the "Next" button
9. In the next step, fill in
https://statushero.com/saml/consume for the "Single Sign on URL"
10. Fill in
https://statushero.com/saml/consume for the "Audience URI"
11. Change the "Application username" field to "Email"
12. In the “Attribute Statements” section, add two attribute statements:
- “FirstName” set to “user.firstName”
- “LastName” set to “user.lastName”
13. Select "I'm a Customer" in the feedback section
14. Click "Finish"
15. In the "Sign On" tab, copy the link for "Identity Provider metadata" and send it to us
Once you have the application setup in Okta, you can either add users to both Okta and Status Hero, or use SCIM provisioning.
If you'd like to use SCIM provisioning, contact email@example.com and request
SCIM_PROVISIONING feature get turned on for the Status Hero app.
Then contact us and we'll enable it for your account, after which you'll find the SCIM base URL and bearer token to use in the steps below in your account settings. Status Hero uses SCIM v2.0 with Okta.
In Okta, select SCIM for provisioning:
Then under the "Provisioning" section, select "HTTP Header" for "Authentication Mode", fill in the base URL and bearer token from your account settings. Select "Push New Users" and "Push Profile Updates" under the "provisioning actions". Press "Save".
Finally, enable "Create Users", "Update User Attributes", and "Deactivate Users" from the Okta to App provisioning options. (Don't forget to hit the save button!)
Once that's done, you'll able to assign and unassign users to Status Hero from the Assignments tab.