This guide is intended to help you set up Reclaim.ai for authentication via Okta, using the Reclaim App from the Okta App Catalog.
If you need any additional assistance beyond this guide, please reach out to your Reclaim.ai contact/rep, or to support via our website and/or [email protected].
1. Setup on a Reclaim.ai Team Enterprise Plan
2. Have your domain enabled/configured for SSO on Reclaim.ai
3. Your Reclaim.ai Customer SSO Slug
4. Administrator access to your Okta Account/Dashboard
For 1-3, work with your Reclaim.ai contact/rep.
Currently only SP-initiated is supported; IdP-initiated SSO is coming soon!
Install the Reclaim App from the Okta App Directory
Log in to Okta as an Admin
Under Applications, click Browse App Catalog.
Search for "Reclaim.ai" and click on the Reclaim.ai App/Logo
From the Reclaim.ai App page click the "Add Integration" Button
Add an Application Label (Suggestion: Reclaim.ai) and click Done
Set the Customer SSO Slug (get this from your Account Manager/Rep or contact [email protected]); this will configure the Login URI which will end up being https://api.app.reclaim.ai/oauth/callback/Customer-SSO-Slug.
Once the App is added, you will have to assign users to the app under the "Assignments" tab. This will enable users to log in to the Reclaim.ai app using Okta. To add users, navigate to the Assign to People option under the Assign option on the Assignments page. If you already have a group, you can choose the Assign to Groups option and assign the entire group.
Provide the Okta Client ID and Secret and Issuer URL to Reclaim
The last step is to provide Reclaim with the client ID and secret of the application you just created. This is sensitive information, so it should be provided in a secure manner! Suggestions on how to do so are included below.
We will also need your Okta issuer URL; this is usually something like https://<your org>.okta.com.
The Client ID and Secret are available on the “Sign-On” tab for the Reclaim.ai application we just added.
To send us your Client ID and Secret, feel free to use whatever One-time Secret tool/website you usually use, or another secure communication channel of your preference.
Otherwise, we typically use and recommend: https://onetimesecret.com/
Simply copy and enter the Client ID and Secret as separate lines, choose a reasonable expiration, and send us the link, along with the Okta Issuer URL, via email to your Reclaim contact and [email protected]. If you would like to password protect it, please feel free to do so and send us the password via a different channel (e.g., Slack, Zoom call, etc.).
Once we have the issuer URL, client ID and secret, we will configure the login method on the Reclaim side to redirect to this configuration for your domain.
We typically co-ordinate flipping/enabling SSO so you can inform and be available to support your users on the new login flow, but can do this async or at a scheduled time of your choosing.
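A pre-flight check for the issuer URL and Login URI described above, as an added example that is not Reclaim's or Okta's code. The `example-org` tenant and its discovery document are constructed samples, the function names are hypothetical, and the same-host endpoint check is an assumption of this example rather than a rule from the guide.

```python
import json
from urllib.parse import urlsplit

# Callback prefix taken from the guide; the Customer SSO Slug is appended to it.
CALLBACK_PREFIX = "https://api.app.reclaim.ai/oauth/callback/"

# Constructed sample of the JSON served at <issuer>/.well-known/openid-configuration
# (OIDC Discovery). "example-org" is a placeholder, not a real tenant.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://example-org.okta.com",
  "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
  "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
  "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys"
}""")


def expected_login_uri(slug):
    """Build the Login URI the guide describes; reject slugs that would alter the path."""
    if not slug or any(c in slug for c in "/?#@\\ ") or slug in (".", ".."):
        raise ValueError("slug must be a single path segment")
    return CALLBACK_PREFIX + slug


def issuer_problems(issuer_url, discovery):
    """Return a list of reasons the issuer URL should not be sent as-is."""
    problems = []
    parts = urlsplit(issuer_url)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        problems.append("issuer must not carry a query or fragment")
    # OIDC Discovery: the "issuer" member must match the issuer URL exactly,
    # so a trailing slash or a different host counts as a mismatch.
    if discovery.get("issuer") != issuer_url:
        problems.append("issuer does not match discovery document: %r" % discovery.get("issuer"))
    # Sanity check assumed by this example: endpoints are https on the issuer's host.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        endpoint = urlsplit(discovery.get(key, ""))
        if endpoint.scheme != "https" or endpoint.hostname != parts.hostname:
            problems.append("%s is not https on the issuer host" % key)
    return problems


if __name__ == "__main__":
    print(expected_login_uri("Customer-SSO-Slug"))
    for candidate in ("https://example-org.okta.com", "https://example-org.okta.com/"):
        print(candidate, issuer_problems(candidate, SAMPLE_DISCOVERY) or "ok")
```

To check a real tenant, load the JSON from `<issuer>/.well-known/openid-configuration` and pass it in place of the sample. The check never needs the client secret, so the secret stays out of scripts and shell history.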
Log into Reclaim via SSO from Reclaim (Service Provider)
To log in to Reclaim via the SP (Service Provider) initiated flow, see below:
After completing all the steps above, simply go to the same Login Page for Reclaim.ai (https://app.reclaim.ai/login), but from now on click the "Login with SSO" link
Enter your email (which should likely match what you use to log in to Okta) and click the "Log in with SSO" button
If you are not already logged into your Okta account, you will be directed to the login page. Fill in your credentials and sign into the account.
You will now be logged into Reclaim.ai and should see the Planner.
Log into Reclaim via SSO from Okta (IdP)
To log in to Reclaim via the Okta Dashboard (IdP-initiated flow), see the instructions below:
Ensure you have created an Okta Bookmark App for Reclaim (this is how Okta enables the IdP-initiated login flow for OIDC SSO); see this help article:
Ensure the appropriate Okta users and/or groups have been assigned the app per the above instructions.
To log in to Reclaim via Okta, simply click the link which will take you to the Planner: