Configure SSO via Okta

SAML Configuration

Below are the steps for setting up SAML with Okta:

Obtain Your Sublime Single Sign-on URL

  1. Sign in to your Sublime instance. Navigate to Admin > Account
  2. Scroll down and under the Authentication section, click the pencil icon next to SAML
  3. Copy/take note of the Single Sign-on URL. You'll use this URL in the next section when configuring SAML for your Okta application.

Okta Configuration

  1. Sign in to your Okta admin console
  2. On the left-side navigation bar, navigate to Applications > Applications
  3. Select Create App Integration
  4. In the modal that opens, select Sign-in method of SAML 2.0
  5. Click Next
  6. Provide an App name, such as "Sublime Platform"
  7. Optionally add a logo. You can download the Sublime logo here.
  8. Click Next
  9. For Single sign-on URL, paste the Single Sign-on URL you copied from the Sublime dashboard
  10. Be sure Use this for Recipient URL and Destination URL is checked
  11. For Audience URI (SP Entity ID), also paste the Single Sign-on URL you copied from the Sublime dashboard
  12. For Name ID format, select Email Address
  13. For Update application username on, select Create and update
  14. Leave all other settings as their defaults

Example completed configuration

  15. Click Next
  16. Click Finish
  17. Click the Sign On tab of the new Okta app
  18. Copy the Metadata URL

Metadata URL to be used for Sublime

Add SAML Settings to Sublime

  1. In Sublime, navigate to Admin > Account
  2. Under Authentication, click the button next to SAML
  3. Under Metadata URL, paste the metadata URL you copied from Okta
  4. Click Save

Test SAML Configuration

  1. Add the user(s) you expect to test with to both the Sublime Console and the Okta Sublime Application, or ensure they are already present in both.
  2. In the Single sign-on section of the Sublime Enterprise app, click Test and then Test Sign-on
    1. If successful, you can now change the Sublime Allowed methods config to disable username/password login.
    2. If unsuccessful, please double-check all fields with URL values across both platforms and contact us if you're still running into any issues 👋

OIDC Configuration

Below are the steps for obtaining OIDC settings via Okta.

Open the OIDC settings modal in Sublime:

  1. Sign in to your Sublime instance. Navigate to Admin > Account
  2. Scroll down and under the Authentication section, click the pencil icon next to Open ID Connect
  3. Copy/take note of the Redirect URI. You'll use this URL in the next section when configuring OIDC for your Okta application.

Okta Configuration

  1. Sign in to your Okta admin console
  2. On the left-side navigation bar, navigate to Applications > Applications
  3. Click Create App Integration
  4. In the modal that opens, select Sign-in method of OIDC - OpenID Connect
  5. Select Application type of Web Application
  6. Click Next
  7. Provide an App integration name, such as "Sublime Platform"
  8. Optionally add a logo. You can download the Sublime logo here.
  9. In the Grant type section, under "Advanced" select Implicit (Hybrid)
  10. In Sign-in redirect URIs, paste the Redirect URI from Sublime
  11. Remove the default entry in Sign-out redirect URIs
  12. In the Controlled access section, select your preferred option
  13. Click Save
  14. Click the Edit button in the General Settings section
  15. In Login initiated by, select Either Okta or App
  16. In Initiate login URI, paste the Initiate login URL from Sublime
  17. Next to Application visibility, check Display application icon to users and optionally check Display application icon in the Okta Mobile app
  18. Click Save
  19. Note the Client ID and Client Secret from the current page
  20. Click the Sign On tab
    1. Note the Issuer URL under OpenID Connect ID Token
    2. Ensure the Issuer URL is set to Okta URL
  21. You'll use the Client ID, Client Secret, and Issuer URL you noted in the next section.

Add OIDC Settings to Sublime

  1. Log into the Sublime Platform
  2. Navigate to Admin > Account
  3. Under Authentication, click the button next to Open ID Connect
  4. Enter your OIDC Issuer URL, Client ID, and Client Secret
  5. Click the Save button

Test OIDC Configuration

You should now be able to sign into Sublime with your OIDC identity provider. You can verify the integration is working by either selecting the Sublime Platform application in Okta, or by loading the Initiate login URL from your OIDC settings in Sublime.

Matching User Required

For a user to successfully sign into Sublime with your OIDC identity provider, there must already be a matching user with the same email address in Sublime.