This article describes how to set up SAML for Okta, which is a prerequisite for setting up SCIM for Okta so that you can create, remove, and update users in Pendo, and push groups into Pendo for configuring permissions.
SAML features
SAML for Okta supports the following features:
- SP-initiated single sign-on (SSO)
- IdP-initiation single sign-on (SSO)
For information about these features, see the Okta Glossary.
Prerequisites
- Organization admin rights for your company’s Pendo account.
- Administrator rights in your company’s Okta account.
- A new or existing SAML configuration in Okta.
- A SAML and SCIM-enabled Pendo subscription. For information, contact your Pendo representative.
- SAML enforced in your Pendo subscription. Contact Pendo Support to configure SAML for your subscription. For more information, see SAML Single Sign-On (SSO) overview.
Step 1. Create a SAML app integration
First, create a new Pendo SAML app integration in Okta. You must set up your Pendo application in Okta even if you already have an Okta configuration. You can replace your existing Okta configuration by creating a new application to enable SCIM for your account. For more information, see Okta’s How to Configure SAML 2.0 for Pendo.
- Sign in to your Okta account and select Admin.
- Select the Pendo application.
- In the Sign On tab, set the Default Relay State to the value corresponding with your region. Select the appropriate URL for your subscription’s data center.
- US: https://pingone.com/1.0/c1dc3d4d-f04b-4c71-902f-af4895a57c21
- US1: https://pingone.com/1.0/d65656ad-caef-4a4d-99d7-e998b6f0d97f
- EU: https://pingone.com/1.0/2e51bcef-d8c5-4e12-b145-9d94e09d7bb5
- JP: https://pingone.com/1.0/5d4212e1-4feb-4d30-b933-6bfda633d532
- In the same Sign On tab, set the Application username format to Email.
Step 2. Share your metadata XML with Pendo
To share your metadata XML with Pendo, you can either:
- [Preferred] Copy the URL from View SAML setup instructions on the Sign On tab in the Okta Pendo app.
- Download the SAML IdP metadata XML file from the SAML setup instructions section of your app in Okta.
Send the metadata XML and all of your users' email domains that will use SSO to the Pendo Support team. Pendo then confirms that the SAML configuration for the new app integration is complete and shares instructions for verifying that SAML SSO is working.
Next steps
Setting up SAML SSO for Okta is a prerequisite to enabling SCIM for Okta. For next steps, see Set up SCIM for Okta.