InVision Cloud V7: SSO - Configuring Okta for use with InVision
To configure Okta for use with InVision Cloud V7, there are four main steps to the process:
- Add InVision as a new application in Okta.
- Add your users to the application.
- Download the metadata for the application.
- Configure Okta in InVision Cloud V7.
This document walks you through that process.
Adding InVision as a new application in Okta
- Sign in to Okta as an admin. In the top navigation bar, click Applications.
- Click the Add Application button.
- In the top-left search field, enter "InVision V7."
- Next to the Okta Verified app named InVision V7, click Add.
There may be several apps with "InVision" in the name. Be sure to choose the Okta Verified app named InVision V7.
- On the following General Settings page for InVisionApp, navigate to the SubDomain field and enter your InVision subdomain. Click Done.
- Under the Assignments tab, Click the Assign button to assign people or groups who should be able to access InVision. If you don't add them, they won't be able to access InVision via Okta.
Be sure to verify that the email addresses in Okta match those for existing InVision accounts.
- Once you have finished assigning people, click the Sign On tab.
- Click the Identity Provider metadata link and copy the metadata. You'll need to send this metadata to complete the configuration process in InVision Cloud V7.
Configuring Okta in InVision
To perform this action, you must be an owner on the Enterprise account.
With InVision Cloud V7, you can configure Okta directly from your team settings.
To configure Okta:
- Sign into your Cloud V7 enterprise account.
- At the top of the page, click Team.
- Click the Settings tab, and then click Single sign-on.
- Toggle on Require SSO for every member of [your Enterprise team].
- With the information provided in Okta’s Identity Provider metadata file, fill out the SSO settings page.
- Name: Set any name you want for the configuration.
- Sign-in URL: Use the URL provided at the end of the metadata file in the
- Sign-out URL: Okta does not support SLO, so leave this blank.
- SAML Certification: Copy the certification provided in the
ds:X509Certificate attribute of the metadata file.
- Name ID Format:
- HASH Algorithm: SHA-256
- SSO Button Label: Set any text you’d like for the SSO button that appears when signing in.
- Click Update.
Now when any user attempts to sign in to your InVision Cloud V7 subdomain, they will be prompted so use SSO with Okta.
At this time, native authentication cannot be enabled when SSO is enabled. This means all users will need to sign in via SSO when it is enabled.