Olive Helps SSO
Setting up SSO using SAML with Okta
Olive
If you choose to, you can download this logo to add as the app logo.
https://oliveai.auth0.com/login/callback?connection=YOUR_MAIN_EMAIL_DOMAIN
(with . replaced with - for example: oxgenhealth.org -> oxgenhealth-org)
Leave Use this for Recipient URL and Destination URL checked and Allow this app to request other SSO URLs unchecked.
urn:auth0:oliveai:YOUR_MAIN_EMAIL_DOMAIN
Leave “Default RelayState” blank.
EmailAddress
Create and Update
There is no need to expand the Advanced Settings section. Leave the defaults.
When you are finished with the SAML Settings - General section, it should look something like this.
To pass the needed fields to Olive upon login, you will need to set a few attribute statements. You should enter them one at a time and click Add Another to add all the statements.
You should set the attributes to the following values
Name | Name format | Value |
Basic | user.email | |
given_name | Basic | user.firstName |
family_name | Basic | user.lastName |
name | Basic | user.displayName |
When you are complete it should look like this.
You do not need to add any group attribute statements or preview the SAML Assertion. Once you finish the above, hit Next.
To finish saving your SAML configuration, choose I’m an Okta customer adding an internal app and leave the rest of the form blank, then hit Finish.
Clicking the above link will open a new tab in your browser. Copy that URL to email to your Olive rep. The URL should look something like this:
https://myoktadomain.okta.com/app/exk1wi23h2jjwiAXhZU123/sso/saml/metadata
Once you’re ready to have your employees log in to Olive Helps, you can assign groups or people to the app.
Once we receive your SAML configuration we will turn on your Okta integration so that your assigned users can sign into Olive Helps using your Okta account.
When a user from your organization logs in to Olive Helps, they will be met with a login screen to enter their email address and password. Once they enter their email address matching your email domain, the system will recognize that and switch to SSO mode, which means they won’t have to enter their password yet.
Once the user submits that SSO login, they will see an Okta login screen where they can log in using their normal Okta/SSO credentials.