Single Sign-on

If you use a service that authenticates users, you can choose to allow single sign-on (SSO) into Oktopost. We support this feature using Security Assertion Markup Language (SAML) version 2.0 and higher.

Oktopost functions as a SAML Service Provider (SP), and depends on an external Identity Provider (IdP) to authenticate users. Once SSO is enabled, the IdP can validate a user's credentials. When a user wishes to use Oktopost, the IdP then sends a signed SAML message to Oktopost, acting as the SP. This message tells Oktopost that the user is authorized to use the software.

Note that users are provisioned manually by Oktopost and user permissions are maintained within Oktopost.

How to Set Up Single Sign-on

First, go to Single Sign-On under App Settings, enable SSO, and enter your IdP credentials:

  1. SAML Endpoint - Your IdP SSO URL.
  2. Issuer Id - Your IdP Issuer ID.
  3. X.509 Certificate - Your IdP certificate. The .pem, .cert, .cer and .crt formats are supported.

Click Save, and you're done.

How to Send a SAML Request

Send the SSO request, which is a SAML response, to:

https://app.oktopost.com/auth/acs

Set the Entity ID to:

urn:oktopost:sp

And the Name ID format to EmailAddress.
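
Before going live, it helps to capture one response from your IdP and confirm it carries the values above. The following is an added example, not Oktopost code: it checks a decoded SAML response for the ACS URL, Entity ID and Name ID format given on this page. The sample response, idp.example.com and the user address are constructed placeholders, and it assumes your IdP sets a Destination attribute and an AudienceRestriction.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ACS_URL = "https://app.oktopost.com/auth/acs"   # from this page
SP_ENTITY_ID = "urn:oktopost:sp"                # from this page
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample response (unsigned); IdP name and user are placeholders.
# Field check only: signature validation against the X.509 certificate is not done here.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://app.oktopost.com/auth/acs">
  <saml:Assertion>
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>urn:oktopost:sp</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text, expected_issuer):
    """Return a list of configuration problems; an empty list means the fields match."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append("Destination is not the Oktopost ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion element (encrypted assertions are not handled here)"]
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append("Issuer does not match the configured Issuer Id")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if SP_ENTITY_ID not in audiences:
        problems.append("Audience does not include urn:oktopost:sp")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID value is not an email address")
    return problems
```

Pass the Issuer ID you entered in App Settings as expected_issuer; any returned message names the IdP setting to correct.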
