How do I connect Grovo to Okta for single sign-on (SSO)?

Using Security Assertion Markup Language (SAML), a user can use their managed Okta account credentials to sign in to enterprise cloud applications via single sign-on (SSO). An identity and access management (IAM) service provides administrators with a single place to manage all users and cloud applications. You don't have to manage individual user IDs and passwords tied to individual cloud applications for each of your users. An IAM service provides your users with a unified sign-on across all their enterprise cloud applications.

Prerequisites

• An active Okta plan
• An administrator account 

Step 1: Complete App Integration Wizard in Okta

Note: If you plan on using just in time (JIT) provisioning to automatically create users in Grovo, please refer to these instructions here. Our application in Okta's OIN does not support JIT provisioning at this time.

1. From the Administrator Dashboard, go to Applications
2. Click Add application and search for Grovo in the Okta Integration Network (OIN) by using the search and filtering tools. Please confirm that you're selecting the Grovo app and not Grovo SAML (Legacy)
3. Complete the following values in Okta
   • Custom Domain: Enter your custom Grovo domain. If your Grovo subdomain is https://acme.grovo.com, enter acme.
   • Default Relay State: https://<domain>.grovo.com
   • Application username format: Email
4. From the “Sign On” sub tab, download your organization's Identity provider metadata (you will need this for Step 2)
5. From the "Assignments" sub tab, select Assign to People and assign the application to a user to test
6. Click Done to exit the wizard. 

Once Grovo has completed the SSO configuration in Grovo, you are ready to proceed to Step 2 to finish the configuration.

Step 2: Complete the Integration in Grovo

1. Navigate to your Grovo platform at https://[subdomain].grovo.com
2. Under Admin > Integrations find the tile for SAML and click Configure.
3. Input the Entity ID, Single Sign On Service Endpoint, and X509 Certificate from the metadata you downloaded in Step 1. (Pro tip: Ctrl+F and search for the applicable words)
4. Click Next and Finish.

Proceed to Step 3 to test.

Step 3: Verify that SSO is working

1. Close all browser windows.
2. Open https://<subdomain>.grovo.com and attempt to sign in. You should be automatically redirected to the Okta sign in page.
3. Enter your sign in credentials.
4. After your sign in credentials are authenticated, you're automatically redirected back to Grovo.