To configure the Procore application for Okta Single Sign-On (SAML 2.0).
If your company uses the Okta Single Sign-on (SSO) identify management solution, an Administrator at your company can now add the Procore application to your Okta implementation. This gives your users the ability to enter a single set of login credentials to access the Procore application and any other third-party system that your company Administrator has integrated with Okta (e.g., Salesforce, Marketo, etc.).
Add the Procore Application to Okta
The first step is to add your company's Procore site to your company's Okta account. If your organization has more than one Procore company account, be sure you know the Procore site address for the site you intend to integrate with Okta.
- Navigate to to Okta: https://www.okta.com/login/
- At the Get in to Okta page, enter your company's unique Okta Site Address. Then click Submit.
Note: If you do not know your site address, contact your organization's Okta Administrator to obtain it.
- At the Sign In page, sign into Okta using an account associated with the appropriate Administrator role. Then click Sign In.
- Click the Admin button.
- On the right-side of the Dashboard page, under Shortcuts, click Add Applications.
- In the Add Application page, type Procore in the search field. When the Procore application appears, click Add.
- In the Add Procore page, type the following information:
- Type Procore in the Application Label field.
- Leave the Application Visibility checkboxes blank.
- Then click Next.
- In the Assign People to Procore page, select which users should be allowed to view the 'Procore' application button when they log in to Okta. Select users individually using the checkboxes or click the "Select All" option. The click Next.
- Click Done.
- In the Procore application page, click the Sign On tab. Then scroll down the page and then click the View Setup Instructions button.
- Leave Okta open in your web browser.
- In a new browser window, log into the Procore application.
Important: You must log into Procore with an account that has been granted 'Admin' level permissions to the Company level Admin tool.
- In the Okta browser window, copy the following strings in the Okta page:
- Identity Provider Single Sign-On URL. This provides the sign on URL that Procore requires in order to use Okta as the identity provider for the Procore application.
- X509 Certificate. This is the key certificate required for the SSO integration. It defines Okta as the certificate authority for the Procore application. When copying this string, do NOT copy the "------------BEGIN CERTIFICATE------------" and "------------END CERTIFICATE------------" markers. You should only copy the text that resides between these markers.
Configure Procore's Company Settings for SSO
Login into Procore using an account that has 'Admin' permission to the Company level Admin tool.
- Navigate to the Company level Admin tool.
- On the 'Company Settings' page, do the following:
- Single Sign On Issuer URL
Paste the 'Identity Provider Single Sign-On URL' that you copied from Okta into this field.
- Single Sign On x509
Paste the 'X509 Certificate' that you copied from Okta into this field.
Important: When copying the certificate information from Okta, do NOT copy the "------------BEGIN CERTIFICATE------------" and "------------END CERTIFICATE------------" markers. You only want to copy the text that resides between these markers.
- Single Sign On Target URL. Always leave this field blank to avoid redirecting users to an unsupported login page. A target URL is NOT supported by the Okta SSO solution.
- Click Save Changes.
You should now log into Okta or have an end user log in to verify your configuration settings were entered correctly. See How Do I Log Into Procore Using Okta (SSO).