This article will walk you through how to configure Federated SSO in Intricately to allow for authentication using your Identity Provider. This is the last step in getting set up with SSO for Intricately.

Getting Started

Prerequisites

You must have completed setting up the Intricately Application in Okta. You'll need the following information from that configuration to complete this setup in Intricately:

  • Client ID and Client Secret (found in the Client Credentials section under the Sign On tab)
  • Your Okta Org domain URL

If you haven't completed this configuration, head to our article on how to Set up the Intricately Application in Okta.

Supported Features

The Federated SSO Configuration in Intricately Application currently supports the following features:

  • IdP Configuration - You have the option to use Metadata Driven Configuration or Manual Configuration
  • IdP Authentication Activation - After you have saved the configuration, you can activate the configuration. Your organization users will be able to login using the IdP configuration only after activation.
  • Restricted authentication - Once IdP configuration is saved and activated, all users belonging to the organization will be allowed to authenticate for login using the configured IdP only. Other authentication options like Google, LinkedIn and Salesforce will not be available to the users.

Configuration Steps

Step 1 - Configure Settings

  • Log into your Intricately Account.
  • Navigate to the user icon on the top right and select Settings from the menu.
  • Click on Single Sign-on tab.
  • On the next screen, you will provide the configuration details from your Identity Provider. You will need to know the URL for your IdP Org. For example, if you are using Okta as your IdP, the URL may be “https://yourdomain.okta.com”
  • You can choose to use either Metadata Driven Configuration (default) or Manual Configuration:

Metadata Driven Configuration:

This option is preferred and is the standard way for Identity Providers to publish discovery documents, used for automatic configuration.

You will need the following information:

  • Well Known Config URL - the general format is “https://{ Your Okta Domain URL }/.well-known/openid-configuration”
  • Client ID - generated when you created the Intricately App in your IdP
  • Client Secret - generated when you created the Intricately App in your IdP

Manual Entry Configuration

If your IdP does not have a well-known config, you will need to enter the metadata for the IdP manually. This is usually only the case when your company has created its own in-house IdP.

You can proceed with Manual Entry by clicking "Manual Entry" in the "Information from your IdP" section of the settings window and filling in the fields with the information from your IdP.

You will need:

  • Authorization endpoint URL - sample format is “https://{ Your Okta Domain URL }/oauth2/v1/authorize”
  • Token endpoint URL - sample format is “https://{ Your Okta Domain URL }/oauth2/v1/token”
  • Userinfo endpoint URL - sample format is “https://{ Your Okta Domain URL }/oauth2/v1/userinfo”
  • Client ID - generated when you created Intricately App in your IdP
  • Client Secret - generated when you created Intricately App in your IdP

Once you have completed either Metadata Driven Configuration or Manual Entry Configuration, you will have to save your settings. You have two options:

  • “Save Configuration and Activate” - save the SSO configuration and also activate it. Once activated, the users in your organization will be allowed to authenticate only using the IdP.
  • “Save Configuration Without Activating” - save the SSO configuration but without activating it yet. You can activate it at a later time when you are ready.
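The two configuration modes above are tied together by the discovery document: the Well Known Config URL used by Metadata Driven Configuration publishes exactly the Authorization, Token and Userinfo endpoint URLs that Manual Entry asks you to type in. The script below is an added example (not Intricately's or Okta's code) that builds the well-known URL from an org domain, reads a discovery document, and checks that it really belongs to the org you expect before handing back the three endpoints. It assumes the document follows the OpenID Connect Discovery format and that the issuer is hosted on the same domain as your Okta org; the SAMPLE_DISCOVERY it parses is a constructed document for the placeholder domain, not one fetched from a real org.

```python
"""Derive the Manual Entry endpoints from an OIDC discovery document.

Added example, not Intricately's or Okta's own code. Assumes the discovery
document follows the OpenID Connect Discovery format and that its issuer is
hosted on the same domain as the Okta org URL. SAMPLE_DISCOVERY is constructed
for the article's placeholder domain.
"""
import json
import urllib.request
from urllib.parse import urlparse

REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "userinfo_endpoint")
MANUAL_ENTRY_KEYS = ("authorization_endpoint", "token_endpoint", "userinfo_endpoint")

# Constructed sample: a real document carries many more fields, but these are
# the ones the Intricately settings screen needs.
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://yourdomain.okta.com",
    "authorization_endpoint": "https://yourdomain.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://yourdomain.okta.com/oauth2/v1/token",
    "userinfo_endpoint": "https://yourdomain.okta.com/oauth2/v1/userinfo",
    "jwks_uri": "https://yourdomain.okta.com/oauth2/v1/keys",
})


def normalize_org_url(org: str) -> str:
    """Accept 'yourdomain.okta.com' or 'https://yourdomain.okta.com/' and
    return a canonical https origin with no path or trailing slash."""
    org = org.strip()
    if "://" not in org:
        org = "https://" + org
    parts = urlparse(org)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError(f"IdP org URL must be an https origin: {org!r}")
    return f"https://{parts.netloc}"


def well_known_url(org: str) -> str:
    """Build the Well Known Config URL used by Metadata Driven Configuration."""
    return normalize_org_url(org) + "/.well-known/openid-configuration"


def fetch_discovery(url: str) -> str:
    """Fetch a live discovery document (network access; not used by main below)."""
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8")


def endpoints_from_discovery(doc_json: str, org: str) -> dict:
    """Parse a discovery document and return the three URLs needed for
    Manual Entry, after checking the document describes the expected org."""
    doc = json.loads(doc_json)
    missing = [k for k in REQUIRED_KEYS if k not in doc]
    if missing:
        raise ValueError(f"discovery document lacks required keys: {missing}")

    org_host = urlparse(normalize_org_url(org)).netloc
    # ID tokens will be validated against this issuer; a host mismatch means the
    # document came from a different org (or a misconfigured server).
    if urlparse(doc["issuer"]).netloc != org_host:
        raise ValueError(f"issuer {doc['issuer']!r} is not hosted on {org_host}")

    result = {}
    for key in MANUAL_ENTRY_KEYS:
        url = doc[key]
        parts = urlparse(url)
        # Each endpoint must be https and on the org host, so the client secret
        # (token endpoint) and user data (userinfo) never go to a third party.
        if parts.scheme != "https" or parts.netloc != org_host:
            raise ValueError(f"{key} {url!r} is not an https URL on {org_host}")
        result[key] = url
    return result


if __name__ == "__main__":
    org = "yourdomain.okta.com"
    print("Well Known Config URL:", well_known_url(org))
    # For a live org you would use fetch_discovery(well_known_url(org)) here.
    for name, url in endpoints_from_discovery(SAMPLE_DISCOVERY, org).items():
        print(f"{name}: {url}")
```

Running it prints the Well Known Config URL for the placeholder org followed by the three endpoint URLs in the same form the Manual Entry fields expect. The same-host and https checks are the part worth keeping if you adapt this: a discovery document that points the token endpoint elsewhere would route your Client Secret to whatever host it names.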

Step 2: Activate IdP Authentication

  • If you did not activate authentication when saving your configuration, you will need to turn it on before users can begin authenticating via IdP.
  • To activate, toggle the SSO Authentication option under the Single Sign-On tab.
  • Once this is done:
    - Users in your team will automatically be logged out.
    - Users in your organization will only be allowed to authenticate via SSO.
    - Google, LinkedIn, and Salesforce authentication will be disabled.

Step 3: Validate your Configuration

Test your configuration via the Intricately login process.

  • Ensure you are logged out. Then return to the Intricately web application.
  • Select your IdP from the login options.
  • Enter your Intricately Login ID (or your work email ID) and hit Submit.
    - If you don’t have an active IdP session in your browser, the web page will redirect to your IdP Org login page. After you enter your IdP credentials, you will be redirected back and signed in to the Intricately Application.
    - If you have an active IdP session in your browser, you will be seamlessly logged in to the Intricately Application.

Test your configuration through your IdP console:

  • Login to your IdP and go to the list of available applications.
  • Click on the Intricately app to automatically log in to the Intricately Application.

You've now successfully set up SSO for Intricately!