Okta SSO Setup Guide - App Catalog

Overview

This guide is intended to help you set up Reclaim.ai for authentication via Okta, using the Reclaim App from the Okta App Catalog.

If you need any additional assistance beyond this guide, please reach out to your Reclaim.ai contact/rep, or to support via our website and/or [email protected].

Pre-Requirements

  1. Be set up on a Reclaim.ai Team Enterprise Plan

  2. Have your domain enabled/configured for SSO on Reclaim.ai

  3. Your Reclaim.ai Customer SSO Slug

  4. Administrator access to your Okta Account/Dashboard

For items 1-3, work with your Reclaim.ai contact/rep.

Supported Features

Currently only SP-initiated SSO is supported; IdP-initiated SSO is coming soon!

Install the Reclaim App from the Okta App Directory

  1. Log in to Okta as an Admin

  2. Under Applications, click Browse App Catalog.

  3. Search for "Reclaim.ai" and click on the Reclaim.ai App/Logo

  4. From the Reclaim.ai App page click the "Add Integration" Button

  5. Add an Application Label (Suggestion: Reclaim.ai) and click Done

  6. Set the Customer SSO Slug (get this from your Account Manager/Rep or contact [email protected]); this will configure the Login URI which will end up being https://api.app.reclaim.ai/oauth/callback/Customer-SSO-Slug.

    1. On the Reclaim.ai App click "Sign-On" and then "Edit"

    2. Simply enter your Customer SSO Slug under Advanced Sign-on Settings for the Reclaim.ai App you just added.

    3. Click "Save"

  7. Once the App is added, you will have to assign users to the app under the "Assignments" tab. This will enable users to log in to the Reclaim.ai app using Okta. To add users, navigate to the Assign to People option under the Assign option on the Assignments page. If you already have a group, you can choose the Assign to Groups option and assign the entire group.

Provide the Okta Client ID and Secret and Issuer URL to Reclaim

The last step is to provide Reclaim with the client id and secret of the application you just created. This is sensitive information so should be provided in a secure manner! Suggestions on how to do so are included below.

We will also need your Okta issuer URL, which is usually something like https://<your org>.okta.com. You can find this in the account dropdown at the top right of Okta.

The Client ID and Secret are available on the “Sign-On” tab for the Reclaim.ai application we just added.

To send us your Client ID and Secret, feel free to use whatever One-time Secret tool/website you usually use, or another secure communication channel of your preference.

Otherwise, we typically use and recommend: https://onetimesecret.com/

Copy and enter the Client ID and Secret as separate lines, choose a reasonable expiration, and send us the link along with the Okta Issuer URL via email to your Reclaim contact and [email protected]. If you would like to password-protect it, please feel free to do so and send us the password via a different channel (e.g. Slack, Zoom call, etc.).

Once we have the issuer URL, client id and secret we will configure the login method on the Reclaim side to redirect to this configuration for your domain.

We typically co-ordinate flipping/enabling SSO so you can inform and be available to support your users on the new login flow, but can do this async or at a scheduled time of your choosing.
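
A pre-flight check you can run before sending the issuer URL, as an added example that is not Reclaim's or Okta's code. It builds the Login URI from a Customer SSO Slug and compares the issuer URL against an OIDC discovery document (normally served at <issuer>/.well-known/openid-configuration). The org name, slug and discovery document below are constructed, and the slug character rule is an assumption.

```python
# Added example, not Reclaim's or Okta's code. Org name and slug are constructed.
import json
from urllib.parse import urlsplit

CALLBACK_BASE = "https://api.app.reclaim.ai/oauth/callback/"  # from this guide


def login_uri(slug: str) -> str:
    """Build the Login URI the guide says Okta ends up with for a slug."""
    # Assumption: a slug is a single URL path segment with no reserved characters.
    if not slug or any(c in slug for c in "/?#% \t\r\n"):
        raise ValueError(f"slug is not a single clean path segment: {slug!r}")
    return CALLBACK_BASE + slug


def issuer_problems(issuer: str, discovery: dict) -> list:
    """Return reasons the issuer URL should not be sent as-is (empty list = OK)."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.hostname:
        problems.append("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        problems.append("issuer must not carry a query string or fragment")
    # OIDC Discovery: the document's "issuer" must equal the issuer URL exactly,
    # so a stray trailing slash or a different path is a mismatch.
    if discovery.get("issuer") != issuer:
        problems.append(f"discovery issuer {discovery.get('issuer')!r} != {issuer!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        endpoint = discovery.get(key, "")
        if urlsplit(endpoint).scheme != "https":
            problems.append(f"{key} missing or not https: {endpoint!r}")
    return problems


# Constructed sample of what <issuer>/.well-known/openid-configuration returns.
SAMPLE_DISCOVERY = json.loads("""{
  "issuer": "https://example-org.okta.com",
  "authorization_endpoint": "https://example-org.okta.com/oauth2/v1/authorize",
  "token_endpoint": "https://example-org.okta.com/oauth2/v1/token",
  "jwks_uri": "https://example-org.okta.com/oauth2/v1/keys"
}""")

if __name__ == "__main__":
    print(login_uri("example-slug"))
    for issuer in ("https://example-org.okta.com", "https://example-org.okta.com/"):
        print(issuer, "->", issuer_problems(issuer, SAMPLE_DISCOVERY) or "OK")
```

To use it against your own org, save the JSON from your issuer's discovery endpoint and pass it in place of SAMPLE_DISCOVERY.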

Log into Reclaim via SSO from Reclaim (Service Provider)

To log in to Reclaim via the SP (Service Provider) initiated flow, see below:

  1. After completing all the steps above, go to the same Login Page for Reclaim.ai (https://app.reclaim.ai/login), but from now on click the "Login with SSO" link

  2. Enter your email (which should likely match what you use to log in to Okta) and click the "Log in with SSO" button

  3. If you are not already logged into your Okta account, you will be directed to the login page. Fill in your credentials and sign into the account.

  4. You will now be logged into Reclaim.ai and should see the Planner.

Log into Reclaim via SSO from Okta (IdP)

To log in to Reclaim via the Okta Dashboard (IdP-initiated flow), see the instructions below:

  1. Ensure you have created an Okta Bookmark App for Reclaim (this is how Okta enables the IdP-initiated login flow for OIDC SSO); see this help article:

  2. Ensure the appropriate Okta users and/or groups have been assigned the app per the above instructions.

  3. To log in to Reclaim via Okta, simply click the link which will take you to the Planner:
