Configure Procore for Okta SSO

Objective

To configure the Procore application for Okta Single Sign-On (SAML 2.0).

Background

If your company uses the Okta Single Sign-On (SSO) identity management solution, an Administrator at your company can now add the Procore application to your Okta implementation. This gives your users the ability to enter a single set of login credentials to access the Procore application and any other third-party system that your company Administrator has integrated with Okta (e.g., Salesforce, Marketo, etc.).

Things to Consider

  • Required User Permissions:
    • Your user account for Okta must be associated with the appropriate Administrator Role. To determine the appropriate role to use, visit Administrator Roles on Okta's support website.
    • Your user account for Procore must be granted 'Admin' level permissions to the Company level Admin tool. See Admin (Company Level).
    • Your company's Okta administrator must configure the Okta integration for all of your Procore users. 
  • Additional Requirements:
    • To configure Procore for Okta's SAML 2.0, you must obtain your company's unique Single Sign On Issuer URL and Single Sign On x509 Certificate as described in the steps below. 
  • Supported Versions:
    • Procore is now an Okta Verified application that can be integrated with Okta using the Security Assertion Markup Language (SAML 2.0). 
      Okta Preview Release 2015.51 or newer.
  • Limitations:
    • Procore users will not be permitted to log in through Okta unless your Okta administrator has configured the system for login by all users. 
    • Okta is not supported by Procore on mobile devices.
    • After Okta is configured, Procore users should not change their password as it may affect their ability to log in through Okta.

Steps

Add the Procore Application to Okta

The first step is to add your company's Procore site to your company's Okta account. If your organization has more than one Procore company account, be sure you know the Procore site address for the site you intend to integrate with Okta. 

  1. Navigate to Okta: https://www.okta.com/login/
  2. At the Get in to Okta page, enter your company's unique Okta Site Address. Then click Submit.
    Note: If you do not know your site address, contact your organization's Okta Administrator to obtain it.


     
  3. At the Sign In page, sign into Okta using an account associated with the appropriate Administrator role. Then click Sign In.


     
  4. Click the Admin button.


     
  5. On the right side of the Dashboard page, under Shortcuts, click Add Applications.

  6. In the Add Application page, type Procore in the search field. When the Procore application appears, click Add.


     
  7. In the Add Procore page, type the following information:
    • Type Procore in the Application Label field.
    • Leave the Application Visibility checkboxes blank.
    • Then click Next.
  8. In the Assign People to Procore page, select which users should be allowed to view the 'Procore' application button when they log in to Okta. Select users individually using the checkboxes or click the "Select All" option. Then click Next.
  9. Click Done.
  10. In the Procore application page, click the Sign On tab. Then scroll down the page and click the View Setup Instructions button.
  11. Leave Okta open in your web browser.
  12. In a new browser window, log into the Procore application.
    Important: You must log into Procore with an account that has been granted 'Admin' level permissions to the Company level Admin tool.
  13. In the Okta browser window, copy the following strings in the Okta page:
    • Identity Provider Single Sign-On URL. This provides the sign on URL that Procore requires in order to use Okta as the identity provider for the Procore application.
    • X509 Certificate. This is the key certificate required for the SSO integration. It defines Okta as the certificate authority for the Procore application. When copying this string, do NOT copy the "------------BEGIN CERTIFICATE------------" and "------------END CERTIFICATE------------" markers. You should only copy the text that resides between these markers.

Configure Procore's Company Settings for SSO

Log in to Procore using an account that has 'Admin' permission to the Company level Admin tool.

  1. Navigate to the Company level Admin tool.
  2. On the 'Company Settings' page, do the following:
    • Single Sign On Issuer URL
      Paste the 'Identity Provider Single Sign-On URL' that you copied from Okta into this field.
    • Single Sign On x509
      Paste the 'X509 Certificate' that you copied from Okta into this field. 
      Important: When copying the certificate information from Okta, do NOT copy the "------------BEGIN CERTIFICATE------------" and "------------END CERTIFICATE------------" markers. You only want to copy the text that resides between these markers. 
    • Single Sign On Target URL. Always leave this field blank to avoid redirecting users to an unsupported login page. A target URL is NOT supported by the Okta SSO solution. 

  3. Click Save Changes.
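
A pre-flight check for the certificate string copied from Okta, added here as an example (it is not Procore's or Okta's code): it strips the BEGIN/END markers and whitespace, confirms the base64 decodes to a complete DER structure, and returns a SHA-256 fingerprint to record alongside the change. The function names and the sample data (a constructed placeholder, not a real certificate) are assumptions.

```python
import base64
import binascii
import hashlib
import re

# Marker lines with any number of dashes, e.g. "-----BEGIN CERTIFICATE-----".
MARKER = re.compile(r"-+\s*(?:BEGIN|END) CERTIFICATE\s*-+")

# Constructed stand-in: a DER SEQUENCE header plus 300 filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x2c" + bytes(300)
SAMPLE_PASTE = (
    "------------BEGIN CERTIFICATE------------\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "------------END CERTIFICATE------------\n"
)


def der_total_length(der: bytes) -> int:
    """Length (header + content) that the outer DER SEQUENCE declares."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE, so not an X.509 certificate")
    if der[1] < 0x80:                      # short form: length in one byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: next n bytes hold the length
    if not 1 <= n <= 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length field")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def prepare_certificate(pasted: str) -> dict:
    """Strip markers and whitespace, verify the copy is complete, return value + fingerprint."""
    body = re.sub(r"\s+", "", MARKER.sub("", pasted))
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64 (partial copy?): {exc}") from None
    declared = der_total_length(der)
    if declared != len(der):
        raise ValueError(f"incomplete copy: header declares {declared} bytes, got {len(der)}")
    digest = hashlib.sha256(der).hexdigest().upper()
    return {
        "field_value": body,  # what goes into 'Single Sign On x509'
        "sha256": ":".join(digest[i:i + 2] for i in range(0, len(digest), 2)),
    }


if __name__ == "__main__":
    result = prepare_certificate(SAMPLE_PASTE)
    print(result["sha256"])
    print(result["field_value"][:32] + "...")
```

A `ValueError` here means the string was copied only in part or is not certificate data, which would otherwise surface only as a failed login after saving.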

You should now log into Okta or have an end user log in to verify your configuration settings were entered correctly. See How Do I Log Into Procore Using Okta (SSO).

Last modified
15:37, 21 Feb 2017
