SSO: Configuring Okta for Use with InVision V7
This article provides answers for InVision V7 only. If you're using InVision V6, read this article instead. Not sure which version you're using? Find out now.
Getting set up to use Okta with InVision V7 involves four primary tasks:
- Add InVision as a new application in Okta.
- Add your users to the application.
- Download the metadata for the application.
- Configure Okta in InVision V7.
This document walks you through that process.
Adding InVision as a new application in Okta
To add the InVision app in Okta:
- Sign in to Okta as an admin. In the top navigation bar, click Applications.
- Click the Add Application button.
- In the top-left search field, enter "InVision V7."
- Next to the Okta Verified app named InVision V7, click Add.
There may be several apps with "InVision" in the name. Be sure to choose the Okta Verified app named InVision V7.
- On the following General Settings page for InVisionApp, navigate to the SubDomain field and enter your InVision subdomain. Click Done.
- Under the Assignments tab, Click the Assign button to assign people or groups who should be able to access InVision. If you don't add them, they won't be able to access InVision via Okta.
Be sure to verify that the email addresses in Okta match those for existing InVision accounts.
- Once you have finished assigning people, click the Sign On tab.
- Click the Identity Provider metadata link and copy the metadata. You'll need to send this metadata to complete the configuration process in InVision V7.
Configuring Okta in InVision
To perform this action, you must be an owner or admin on the Enterprise account.
With InVision V7, you can configure Okta directly from your team settings.
To configure Okta:
- Sign in to your InVision Enterprise here:
- In the lower-left corner, click the [Your Team Name] dropdown, and then click People & Team settings.
The Team page will open with the People tab active.
- Click the Settings tab, and then click Single sign-on.
- Toggle on Require SSO for every member of [your Enterprise team].
- With the information provided in Okta’s Identity Provider metadata file, fill out the SSO settings page.
- Name: Set any name you want for the configuration.
- Sign-in URL: Use the URL provided at the end of the metadata file in the
- Sign-out URL: Okta does not support SLO, so leave this blank.
- SAML Certification: Copy the certification provided in the
ds:X509Certificate attribute of the metadata file.
- Name ID Format:
- HASH Algorithm: SHA-256
- SSO Button Label: Set any text you’d like for the SSO button that appears when signing in.
- Click Update.
Now when any user attempts to sign in to your InVision V7 subdomain, they will be prompted to use SSO with Okta.