This feature is only available to Enterprise account
Last Updated: 2021-10-08
The setup process for Okta may have changed since this
was created, and you may need to follow slightly different
instructions.
Set up Runn
Visit Account Settings and press Edit
Add an Alias, which is used for easily identifying your account.
Turn on SAML SSO
Press Save
Edit account settings again, and you will see the SAML Settings box.
Keep this page open and visit Okta in a new window.
Set up Okta
Goto Applications and select Create App Integration
To create a SAML integration select SAML 2.0 as the Sign-on Method
Select your app name as Runn and press next
For Single sign on URL copy the Runn SSO Callback URL from Runn's settings page. It will look something like
https://app.runn.io/users/auth/saml/callback?account=r7nh3nd
For Audience URI (SP Entity ID) copy the Issuer field from Runn's settings page. It should be your account name with underscores.
For Name ID format select EmailAddress
Add two Attribute Statements
Name:
emailaddress
Value:user.email
Name:
name
Value:user.displayName
Click the Next button
Skip the feedback.
Change to the Sign On tab if you aren't there already. Then click "View Setup Instructions"
Copy the Identity Provider Single Sign-On URL and paste it into the Runn's setting page under SSO Target URL
Ignore the Identity Provider Issuer
Copy the X.509 Certificate and paste it into Runn's setting page under IDP Certificate
Finish setup Runn
In the Runn setting page
Update Email Claim to
emailaddress
Update Name Claim to
name
Press the Save on the SAML Settings box
Testing
Logout of the account
On the login page, click Sign in with SSO
Enter the Account Alias you selected earlier
After pressing Sign In you should be redirected to Okta. If this fails it means something went wrong in the setup process.
After logging in via Okta you should be redirected to Runn's planner. If you are redirected to an error page. See if there is an error message in the bottom right of the page that has more information.
Trouble Shooting
The SSO url being incorrect. Ensure the Sign on URL looks like this, including the ?
account=
part.https://app.runn.io/users/auth/saml/callback?account=r7nh3nd
The email and name claim being incorrect. Ensure they are the same attribute values between Okta and Runn
There is no user with that email address in the account
There is no invitation to the user in that account. Sign sign on only works for current account users and invited account users.