SAML/SSO Authentication

What is SSO?

Holistics provides Single Sign-On (SSO) functionality for customers in Professional Plan to access it through a single authentication source, like Okta. This allows admin users to better manage team access and keeps information more secure.

We use SAML (Security Assertion Markup Language), a standard that permits identity managers like Okta to safely pass authorization credentials to service providers like Holistics.

Note

SAML SSO is only available for companies on our Professional Plan. Contact sales to learn more โ†’

In order to authenticate your users with SSO/SAML in your organization, you need to Enable SSO. Navigate to General Settings > Single Sign On > Enable Authenticate with SSO (SAML).

Okta setup

These are instructions for setting up Holistics SAML SSO with Okta. If you use a different identity provider and need assistance with configuration, please contact our support team.

You can always follow steps on Okta's website here:

Overview | Okta Developer

Create a new application integration

create-new-app

  • Platform: select Web from the dropdown.
  • Sign on method: select SAML 2.0.

Create SAML integration

general-settings

  • App name: Holistics
  • You can download Holistics logo via this link

SAML Settings

saml-settings

  • Single sign on URL: found inside Assertion consumer service URL.
  • Audience URI (SP Entity ID): found inside Identifier.

saml-config

  • Name ID format: Identifies the SAML processing rules and constraints for the assertion's subject statement. You could use Unspecified since Holistics does not require any specific format.
  • Application username: Determines the default value for a user's application username. The application username will be used for the assertion's subject statement. You can select Okta username.
  • Attribute statements (our recommended mapping):
    • email โ†’ user.email
    • first_name โ†’ user.firstName
    • last_name โ†’ user.lastName

Assign users to Holistics

In Okta's Assignments tab, you can now assign users to Holistics. At this moment we don't Automatically Create Accounts on Sign-in so you need to assign your users manually.

assignment

SAML Configuration for Holistics

  • Navigate to General Settings, and select the Single Sign On tab. You should see this:

    holistics-config

  • After that, you need to fill in the information to complete your setup. The information can be found in Setup Instruction of your Identity Provider

setup-instruction

  • Enforce SSO (Optional): In case you want anyone with an email on the domains configured can only use SAML SSO to log in, you can enable Enforce SSO. However, please note that by enforcing SSO/SAML, your users who have currently logged in by Email or Google will be forced to log out. Make sure all of the current works have been saved and tested carefully before proceeding.