What is SSO?
Holistics provides Single Sign-On (SSO) functionality for customers in Professional Plan to access it through a single authentication source, like Okta. This allows admin users to better manage team access and keeps information more secure.
We use SAML (Security Assertion Markup Language), a standard that permits identity managers like Okta to safely pass authorization credentials to service providers like Holistics.
SAML SSO is only available for companies on our Professional Plan. Contact sales to learn more →
In order to authenticate your users with SSO/SAML in your organization, you need to Enable SSO. Navigate to
General Settings > Single Sign On > Enable Authenticate with SSO (SAML).
These are instructions for setting up Holistics SAML SSO with Okta. If you use a different identity provider and need assistance with configuration, please contact our support team.
You can always follow steps on Okta's website here:
Create a new application integration
- Platform: select
Webfrom the dropdown.
- Sign on method: select
Create SAML integration
- App name:
- You can download Holistics logo via this link
- Single sign on URL: found inside
Assertion consumer service URL.
- Audience URI (SP Entity ID): found inside
- Name ID format: Identifies the SAML processing rules and constraints for the assertion's subject statement. You could use
Unspecifiedsince Holistics does not require any specific format.
- Application username: Determines the default value for a user's application username. The application username will be used for the assertion's subject statement. You can select
- Attribute statements (our recommended mapping):
- email → user.email
- first_name → user.firstName
- last_name → user.lastName
Assign users to Holistics
Assignments tab, you can now assign users to Holistics. At this moment we don't
Automatically Create Accounts on Sign-in so you need to assign your users manually.
SAML Configuration for Holistics
General Settings, and select the
Single Sign Ontab. You should see this:
After that, you need to fill in the information to complete your setup. The information can be found in Setup Instruction of your Identity Provider
- Enforce SSO (Optional): In case you want anyone with an email on the domains configured can only use SAML SSO to log in, you can enable
Enforce SSO. However, please note that by enforcing SSO/SAML, your users who have currently logged in by Email or Google will be forced to log out. Make sure all of the current works have been saved and tested carefully before proceeding.