Skip to main content

Enabling single sign-on with Okta in Hyperproof Gov

Written by Hyperproof Support
Updated over 3 weeks ago

👥 Roles and permissions

  • Only administrators can enable SSO for the organization

Hyperproof Gov supports single sign-on (SSO) with Okta via SAML. Once SSO is enabled for your organization, users can log in with their Okta credentials using a custom URL that is specific to the organization.

If your organization is in Hyperproof Gov, an example of a custom URL is: https://luna.hyperproofgov.app

The first step towards enabling SSO in your organization is to add Hyperproof Gov to your Okta tenant. You’ll need a subdomain, which is provisioned by Hyperproof Support. To get your subdomain, create a support request asking for SSO setup. In the example, above the subdomain is luna.

📝 Note

If the domain is a .com address, the subdomain is set as the domain without the .com suffix.

If the domain is not a .com address, the subdomain is set as the domain name without the period.

Examples

Domain name

Subdomain

http://acme.com

acme

http://lunabtechnologies.com

lunabtechnologies

http://techstartup.io

techstartupio

http://whitehouse.gov

whitehousegov

📝 Note

If you have SSO enabled and you invite someone to your organization whose email address is not part of your SSO domain, such as external auditors or contractors, they can't log into Hyperproof via the custom URL provided for SSO. These users must log in using the default URL for your Hyperproof instance. Default Hyperproof URLs include:

Step One: Creating a custom Hyperproof Gov application in your Okta tenant

Hyperproof is in the process of certifying our Hyperproof FedRAMP SAML integration with Okta. When the certification is complete, a Hyperproof Gov application will be available publicly in the Okta Integration Network (OIN). Until that certification is complete, you must create a custom Hyperproof Gov application in your Okta tenant.

  1. Log in to your Okta tenant as an Administrator.

  2. From the left menu, select the Applications drop-down menu, and then click Applications.

  3. Click the Create App Integration button and then click the SAML 2.0 radio button.

  4. Click Next.

  5. On the General Settings page, set the App Name field to Hyperproof Gov.

  6. In the App logo field, upload the Hyperproof logo file. Click here to download the file

  7. Click Apply, then Next.

  8. In the Single sign on URL field enter:

    https://signin.hyperproofgov.app/sso/saml2/temp

  9. In the Audience URI field enter:

    https://hyperproofgov.app/saml2/service-provider/MY_HYPERPROOF_SUBDOMAIN

    Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain assigned to your Hyperproof Gov organization, such as luna.

  10. In the Default RelayState field enter:

    https://MY_HYPERPROOF_SUBDOMAIN.hyperproofgov.app/signin

    Replace MY_HYPERPROOF_SUBDOMAIN with the subdomain assigned to your Hyperproof Gov organization, such as luna.

  11. In the Application username field select Email.

  12. Under Attribute Statements, add the following:

    • Name: email

    • Value: user.email

  13. Click Next.

  14. On the Help Okta Support understand how you configured this application page, select This is an internal app that we have created.

  15. Click Finish.

    The Sign On tab of your new Hyperproof Gov application displays.

  16. Click the Identity Provider Metadata link to view the metadata for your application.

  17. Copy the Identity Provider Metadata URL and save it to the clipboard.

    📝 Note

    Do not skip this step! You’ll need the metadata URL to complete the setup.

  18. From the Assignments tab, add one or more users or groups to your application.

Step Two: Configuring Okta in your Hyperproof Gov organization

Once the Hyperproof Gov application has been configured in Okta, you’ll need to add the metadata URL to the SSO configuration for your Hyperproof Gov organization.

  1. Log in to Hyperproof Gov as an Administrator.

  2. From the left menu, select Settings and then select Authentication.

    📝 Note

    The Authentication tab is not visible until SSO is turned on for your organization. If SSO has been turned on and you don’t see the tab, log out of Hyperproof and then log back in again. If the option is still not visible, please create a support request.

  3. Toggle on Single Sign On (SSO).

    The Authentication window opens.

  4. From the Identity Provider drop-down menu, select Okta.

  5. Below Identity Provider Metadata URL, paste the metadata URL from Step 17 in the previous section.

  6. Click Save.

    The status of your SSO configuration starts as Pending but transitions to Connected if no problems are encountered.

  7. Copy the Assertion Consumer Service URL from the top of the page. You will need this to update Okta in the next section.

Step Three: Updating the Assertion Consumer Service URL (ACS URL) for Hyperproof Gov

When you configured SSO in your Hyperproof Gov organization, Hyperproof Gov generated an Assertion Consumer Service URL specific to your organization. This URL must be updated in the Hyperproof Gov application created in your Okta tenant.

  1. Log in to your Okta tenant as an Administrator.

  2. Navigate to the Hyperproof Gov application that you created in Step One.

  3. Select the General tab.

  4. Click Edit next to SAML Settings.

  5. Click Next to access the Configure SAML step.

  6. Paste the Assertion Consumer Service URL into the Single sign-on URL field.

  7. Click Next, then click Finish.

Step Four: Logging in to Hyperproof Gov with SSO

You’ll be able to log in to Hyperproof Gov using your Okta credentials after SSO is fully configured for your Hyperproof Gov organization.

At this point, you’ll have the option to make SSO required. If it’s required, users without a company email address will still be able to log in via Google, Office 365, or email/password. Refer to Requiring SSO for login for more information.

  1. Using your previous credentials, e.g. Google, Office 365, or email/password, log in to Hyperproof.

  2. From the left menu, select Settings and then select Authentication.

  3. At the top of the screen, you will see your organization’s SSO URL. This is the URL that your organization's Hyperproof users will use to log in to Hyperproof Gov.

    fedramp-okta-sso-url.png

  4. Copy the SSO URL to the clipboard.

  5. Log out of Hyperproof by clicking your user icon in the upper-right corner, and then clicking Sign Out.

  6. Paste the SSO URL into a new browser tab and then press Enter.

    You’re redirected to your Okta directory where you can log in with your Okta credentials. Once you’ve provided your Okta credentials, you’ll be logged into Hyperproof Gov automatically.

    If you were able to log in to Hyperproof Gov successfully using SSO, you are ready to share the SSO URL with the other Hyperproof Gov users in your organization.

Troubleshooting

If logging in to Hyperproof Gov with SSO does not work, verify the steps in the Step One: Creating a custom Hyperproof Gov application in your Okta tenant section above.

It may also help to inspect your SAML settings in Okta. From your Okta directory:

  1. From your Okta directory, select the Applications drop-down menu from the left navigation menu.

  2. Click Applications, and then click Hyperproof Gov.

  3. From the General tab, scroll to the SAML Settings section. Your SAML settings should look like the following:

    saml-settings-fedramp.png

Related Articles
Enabling single sign-on with a generic SAML identity provider for Hyperproof Gov
Enabling single sign-on with a generic SAML identity provider
Enabling single sign-on with JumpCloud
Enabling single sign-on with Okta
Enabling single sign-on with Microsoft Entra ID via OIDC for Hyperproof Gov
Did this answer your question?