Enabling single sign-on with Okta

Written by Hyperproof Support
Updated over 3 weeks ago

👥 Roles and permissions

  • Only administrators can enable SSO for the organization


Hyperproof supports single sign-on (SSO) with Okta via SAML. Once SSO is enabled for your organization, users can log in with their Okta credentials using a custom URL that is specific to the organization.

Examples

  • If your organization is in Hyperproof US, an example of a custom URL is: https://luna.hyperproof.app

  • If your organization is in Hyperproof EU, an example of a custom URL is: https://luna.hyperproof.eu

The first step towards enabling SSO in your organization is to add Hyperproof to your Okta tenant. You’ll need a subdomain, which is provisioned by Hyperproof Support. To get your subdomain, create a support request asking for SSO setup.


📝 Note

If the domain is a .com address, the subdomain is set as the domain without the .com suffix.

If the domain is not a .com address, the subdomain is set as the domain name without the period.

Examples

Domain name

Subdomain

acme

lunabtechnologies

techstartupio

whitehousegov



📝 Note

If you have SSO enabled and you invite someone to your organization whose email address is not part of your SSO domain, such as external auditors or contractors, they can't log into Hyperproof via the custom URL provided for SSO. These users must log in using the default URL for your Hyperproof instance. Default Hyperproof URLs include:


Supported features

The Okta / Hyperproof SAML integration currently supports the following features:

  • SP-initiated SSO

  • IdP-initiated SSO

For more information on these features, see the Okta Glossary.

Step One: Adding the Hyperproof application to your Okta tenant

Hyperproof can be found in Okta’s App Integration Catalog. This integration makes configuring Hyperproof in Okta quick and easy.

  1. Log in to your Okta tenant as an Administrator.

  2. From the left navigation menu, select the Applications drop-down menu, and then click Applications.

  3. Click Browse App Catalog.

  4. Enter Hyperproof in the search bar. Select the SAML option.

  5. Click Add Integration.

  6. In the Hyperproof instance field, enter one of the following:

    • For Hyperproof US: hyperproof.app

    • For Hyperproof EU: hyperproof.eu

  7. In the SSO subdomain field, enter the subdomain provided to you by your Customer Success Manager.

  8. Leave the SCIM Endpoint URL blank unless you are using SCIM. See Okta SCIM Configuration.

  9. Click Done.

  10. From the Assignments tab, add one or more users or groups to your application.

  11. Select the Sign On tab.

  12. Copy the Metadata URL and save it to the clipboard.


    📝 Note

    Do not skip this step! You’ll need the metadata URL to complete the setup.


  13. Click Edit at the top right of the Settings section.

  14. Under Credentials Details, change the Application username format to Email.

  15. Click Save.

Step Two: Configuring Okta in your Hyperproof organization

Once the Hyperproof application has been configured in Okta, you’ll need to add the metadata URL to the SSO configuration for your Hyperproof organization.

  1. Log in to Hyperproof as an Administrator.

  2. From the left menu, select Settings and then select Authentication.


    📝 Note

    The Authentication tab is not visible until SSO is turned on for your organization. If SSO has been turned on and you don’t see the tab, log out of Hyperproof and then log back in again. If the option is still not visible, please create a support request.


  3. Toggle on Single Sign On (SSO).

    The Authentication window opens.

  4. From the Identity Provider drop-down menu, select Okta.

  5. Below Identity Provider Metadata URL, paste the metadata from step 11 in the previous section.

  6. Optionally, if you’d like users to be able to log in via IdP (i.e. clicking the Hyperproof logo on the Okta Apps page), select the Allow IdP-initiated sign-in checkbox.

  7. Click Save.
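
A check you can run on the XML served at the Metadata URL before pasting that URL into Hyperproof, added here as an example (it is not Hyperproof or Okta code). It confirms the document is SAML IdP metadata with a signing certificate and HTTPS sign-on endpoints on the host you expect. The sample XML, the host example.okta.com and the function name check_idp_metadata are constructed for illustration; if your Okta org uses a custom domain, pass that host instead.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
BINDINGS = {"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect",
            "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"}

# Constructed sample: entity ID, host and certificate are placeholders.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://www.okta.com/exkEXAMPLE">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:X509Data>
        <ds:X509Certificate>PLACEHOLDER</ds:X509Certificate>
      </ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://example.okta.com/app/example/exkEXAMPLE/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def check_idp_metadata(xml_text, expected_host):
    """Return a list of problems; an empty list means the metadata looks sane."""
    # Reject DTDs and entity declarations before parsing (entity-expansion hardening).
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DTD or entity declaration present; refusing to parse"]
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != MD + "EntityDescriptor" or not root.get("entityID"):
        problems.append("root is not an EntityDescriptor with an entityID")
    idp = root.find(MD + "IDPSSODescriptor")
    if idp is None:
        return problems + ["no IDPSSODescriptor: this is not IdP metadata"]
    # A KeyDescriptor without a "use" attribute applies to signing as well.
    certs = [c for kd in idp.findall(MD + "KeyDescriptor")
             if kd.get("use", "signing") == "signing"
             for c in kd.iter(DS + "X509Certificate") if (c.text or "").strip()]
    if not certs:
        problems.append("no signing certificate")
    endpoints = idp.findall(MD + "SingleSignOnService")
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for ep in endpoints:
        url = urlparse(ep.get("Location", ""))
        if url.scheme != "https" or url.hostname != expected_host:
            problems.append(f"endpoint not https on {expected_host}: {ep.get('Location')}")
        if ep.get("Binding") not in BINDINGS:
            problems.append(f"unexpected binding: {ep.get('Binding')}")
    return problems
```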

Step Three: Logging in to Hyperproof with SSO

You’ll be able to log in to Hyperproof using your Okta credentials after SSO is fully configured for your Hyperproof organization.

At this point, you’ll have the option to make SSO required. If it’s required, users without a company email address will still be able to log in via Google, Office 365, or email/password. Refer to Requiring SSO for login for more information.

  1. Using your previous credentials, e.g. Google, Office 365, or email/password, log in to Hyperproof.

  2. From the left menu, select Settings and then select Authentication.

  3. At the top of the screen, you will see your organization’s SSO URL. This is the URL that your organization's Hyperproof users will use to log in to Hyperproof.

  4. Copy the SSO URL to the clipboard.

  5. Log out of Hyperproof by clicking your user icon in the upper-right corner, and then clicking Sign Out.

  6. Paste the SSO URL into a new browser tab and then press Enter.

    You’re redirected to your Okta directory where you can log in with your Okta credentials. Once you’ve provided your Okta credentials, you’ll be logged into Hyperproof automatically.

    If you were able to log in to Hyperproof successfully using SSO, you are ready to share the SSO URL with the other Hyperproof users in your organization.


📝 Note

The following SAML attributes are supported:

Name     Value
email    user email

