With Soapbox, you can enable single sign-on with Okta as the identity provider so that Okta users can log in to the Soapbox administrator using their Okta account credentials.
Step 1: Create an Application in Okta
To set up single sign-on, you will first need to create an Application in your Okta account. When creating this app integration in Okta, choose SAML 2.0 as the Sign-In Method. We recommend naming the app Soapbox Engage.
For the SAML Settings of your Okta app integration, use the following:
- Single sign on URL: https://{your Soapbox domain}/saml/default-sp
  Examples of custom and default prefix domains include the following:
  https://www.example.org/saml/default-sp
  https://act.example.org/saml/default-sp
  https://example.secure.nonprofitsoapbox.com/saml/default-sp
- Default Relay State: https://{your Soapbox domain}/administrator/index.php?option=com_login&task=saml
- Audience URI (SP Entity ID): use the same URL you entered for the Single sign on URL
- Name ID format: EmailAddress
- Application username: email
Step 2: Assign users or groups to your Application in Okta
On the Assignments tab of your new Okta Application, add all users or groups you wish to be able to log in to Soapbox via Okta.
Step 3: View Setup Instructions in Okta
Once you have created your Application in Okta and assigned users, you'll need to access the configuration details in Okta that you will enter in Soapbox. To do so, go to the Single Sign On tab of the Okta Application and click View Setup Instructions. Keep the tab that opens available as you move to the next step.
Step 4: Configure Single Sign-On for Okta in Soapbox
To configure Single Sign-On for Okta in Soapbox:
- Log in to your Soapbox administrator
- Go to Single Sign-On
- On the Service Provider Setup tab, for Enable Admin Single Sign-on, select Yes
- For Identity Provider Entity ID, enter the Identity Provider Issuer from the Okta Application Setup Instructions
- For Admin SAML Login URL, enter the Identity Provider Single Sign-On URL from the Okta Application Setup Instructions
- For X.509 Certificate, enter the portion of the X.509 Certificate from the Okta Application Setup Instructions that falls between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----"
- Click the Login Settings tab
- For Login Button Text under the Administrator Options section, enter the text of the hyperlink that will appear on the administrator login page and that admins will click to log in using Okta. You may wish to change this to "Login with Okta".
- For Login Options, choose whether you wish users to be able to log in with EITHER their Soapbox user credentials or their Okta credentials OR only their Okta credentials
- Click Save
Single Sign-On has now been enabled for your administrator account.
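The X.509 Certificate field in Step 4 takes only the text between the two markers, and a paste that is truncated or still contains the markers is easy to miss. The following is an added example, not Soapbox or Okta code: it extracts that portion, confirms it decodes to a complete DER structure, and computes a SHA-256 fingerprint you can record and compare with the same certificate obtained from Okta. The sample certificate is a constructed placeholder and the function names are this example's own.

```python
import base64
import binascii
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

# Constructed placeholder, NOT a real certificate: a DER SEQUENCE header
# declaring 256 bytes of content, followed by 256 filler bytes.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
_b64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = "\n".join(
    [BEGIN] + [_b64[i:i + 64] for i in range(0, len(_b64), 64)] + [END])


def certificate_body(pem: str) -> str:
    """Return the base64 text between the markers, whitespace removed."""
    match = re.search(re.escape(BEGIN) + r"(.*?)" + re.escape(END), pem, re.S)
    if match is None:
        raise ValueError("BEGIN/END CERTIFICATE markers not found")
    return re.sub(r"\s+", "", match.group(1))


def decode_body(body: str) -> bytes:
    """Strictly decode a pasted body; reject markers, junk and truncation."""
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data does not start with a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        declared = 2 + der[1]
    else:                                  # long-form length
        n = der[1] & 0x7F
        declared = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if declared != len(der):
        raise ValueError(f"DER declares {declared} bytes, got {len(der)}")
    return der


def sha256_fingerprint(body: str) -> str:
    """Colon-separated SHA-256 of the decoded certificate bytes."""
    digest = hashlib.sha256(decode_body(body)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    print(sha256_fingerprint(certificate_body(SAMPLE_PEM)))
```

The length check only confirms that the paste is complete; it does not validate the certificate's contents or expiry.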
Step 5: Add users to the User Manager in Soapbox
To access the Soapbox administrator using Okta credentials, an individual must have an enabled user account in Soapbox with a username that matches their Okta email address. To create accounts in Soapbox:
- Go to the User Manager
- Click New to create a user
- For First Name, enter the first name of the user
- For Last Name, enter the last name of the user
- For Username, enter the email of the user that is associated with their Okta account
- For E-mail, enter the email of the user that is associated with their Okta account
- For New Password, enter a password of your choosing. This will not be used when logging in via single sign-on, however.
- For Verify Password, re-enter the password
- For Group, under Public Back-End, select either Manager or Administrator. The primary difference between the two is that Administrators can create and edit users while Managers cannot.
- Click Save
- Repeat for each user you wish to grant access to the administrator