How to set up Single Sign-On in Targetprocess with Okta

Step-by-step guide on how to set up Single Sign-On integration with Okta.

About this task

Targetprocess supports most of the SAML 2.0 compatible providers including OneLogin, Okta, Bitium and ADFS 2.0.

Integrating with Okta involves the following four steps:

  1. Adding Targetprocess as an application on the Okta dashboard
  2. Configuring Okta details in Targetprocess
  3. Assigning Targetprocess Application to Users in Okta
  4. Testing SSO in Targetprocess

Detailed steps are provided below.

1. Adding Targetprocess as an application on the Okta dashboard

Procedure

  1. Log in to your Okta Admin account, select the “Applications” tab and then click “Add application”.
  2. Choose “Create New App”.
  3. Set the application name, e.g. “Targetprocess”, and click “Next” to proceed to the SAML settings.
  4. Now log in to your Targetprocess account as an administrator and get the “Single sign on URL” for Okta. In Targetprocess it is called “Assertion Consumer URL” and can be found at Settings > Authentication and Security > Single Sign-On.
  5. Copy the URL, e.g. “https://your_account.tpondemand.com/api/sso/saml2”, and paste it into “Single sign on URL” in Okta.
  6. Paste the same value into “Audience URI (SP Entity ID)”.
  7. Select “EmailAddress” in the “Name ID format” field and “Email” in “Application username”.
  8. Now click “Next”, and then “Finish” on the next screen.

2. Configuring Okta details in Targetprocess

Procedure

  1. On the “Sign On” tab of your application, click “View Setup Instructions” to get the additional fields for Targetprocess.
  2. Copy the “Identity Provider Single Sign-On URL” and paste it into the “Sign-on URL” field in the Targetprocess SSO settings.
  3. Copy the X.509 certificate (including the lines with “BEGIN” and “END”) and paste it into the “Certificate” field in Targetprocess.
  4. Next you can enable JIT Provisioning, disable the native Targetprocess login form and add some users to the SSO exceptions list if needed. More information about these settings can be found in the “Single Sign-On in Targetprocess” guide.

3. Assigning Targetprocess Application to Users in Okta

Procedure

  1. After completing the configuration in Targetprocess, go back to Okta and assign the newly added application to your users on the “People” tab in the application details.
  2. You may also use the multiple applications assignment available in the “Applications” > “Assign applications” menu.

4. Testing SSO in Targetprocess

Procedure

  1. Log out of Targetprocess (click on the avatar picture and choose “Logout”).
  2. Open your Targetprocess URL in a browser: https://YOUR_ACCOUNT.tpondemand.com/. Now two scenarios are possible:
    1. If you have disabled the Targetprocess login form, the browser will redirect you to the Okta login page and then to the Targetprocess UI.
    2. If you have mixed mode enabled, you’ll have to click “Log in using Single sign-on” on the Targetprocess login page.

Troubleshooting

About this task

  • Error 404 Not found: this means an incorrect URL either in the Targetprocess SSO settings or in the Okta application settings. Please double-check your settings in Okta and Targetprocess to make sure the URLs are valid.

  • You’re getting the “Sorry, you can't access Targetprocess because you are not assigned this app in Okta” error. To resolve this problem, make sure that your user is assigned to the Targetprocess application in step 3 and that you’re using the correct account to log in to Targetprocess.

Other problems are less common. We recommend checking your Okta application log for the details or looking into the Targetprocess System log.
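When the cause is not obvious from the logs, it can help to compare what Okta actually sends with the values entered in step 1. The script below is an added example, not part of Targetprocess or Okta: it decodes the base64 `SAMLResponse` form field that the browser posts to the Assertion Consumer URL (copied from the browser's network tab) and lists any mismatch in Destination, Audience and NameID. It assumes Okta uses the “Single sign on URL” as the Destination; `check_saml_response` and `build_sample` are hypothetical helper names and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Example URL from step 1; replace with your own Assertion Consumer URL.
ACS_URL = "https://your_account.tpondemand.com/api/sso/saml2"

def check_saml_response(b64_response, acs_url=ACS_URL):
    """List mismatches between a captured SAMLResponse and the step 1 settings.

    Diagnostic only: it does not verify the XML signature, so never use it
    to decide whether a response is trustworthy.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination differs from the Assertion Consumer URL")
    audience = root.find(".//saml:AudienceRestriction/saml:Audience", NS)
    if audience is None or (audience.text or "").strip() != acs_url:
        problems.append("Audience differs from 'Audience URI (SP Entity ID)'")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None:
        problems.append("NameID is missing")
    else:
        if name_id.get("Format") != EMAIL_FORMAT:
            problems.append("NameID Format is not EmailAddress")
        if "@" not in (name_id.text or ""):
            problems.append("NameID value is not an email address")
    return problems

def build_sample(destination, audience, name_format, name_id):
    """Build a constructed, unsigned SAMLResponse for demonstration."""
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'Destination="{destination}"><saml:Assertion><saml:Subject>'
        f'<saml:NameID Format="{name_format}">{name_id}</saml:NameID>'
        '</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
        '</samlp:Response>'
    )
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    wrong = build_sample(ACS_URL + "/", "https://example.com/sp",
                         "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
                         "jdoe")
    for problem in check_saml_response(wrong):
        print("MISMATCH:", problem)
```

A captured response contains user identifiers, so run the check locally and do not paste it into online decoders.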
