SSO (SAML 2.0) Integration with Okta

Initial Setup
1. From the main page, use the panel on the left side of the screen to navigate to Applications
2. Click on Create App Integration

Applications

3. From the list in the dialog, select SAML 2.0, then click Next

image (18)

4. Assign an App Name and optional App logo, then click Next.

General Settings

Here is the logo we use

ContractSafe

Configuration
1. Login to ContractSafe.
     1. Go to Settings > Security & Integrations and enable Single Sign- On
    2. Generate a Saml2 Single Sign On URL and copy it for use later.
    3. In the Email Identifier name field enter emailaddress
2. Back in Okta, make the following changes to the SAML Settings tab according to the following image.
     1. Paste the URL you copied from step 1 into Single sign on URL and Audience URI (SP Entity ID)
     2. Set the Name ID format to EmailAddress and the Application username to Email
     3. Under Attribute Statements add emailaddress with the value user.email

Pasted Graphic 3

3. Then click Next, select a Feedback option, and then Finish
4. From the Sign On tab, click the View SAML setup instructions button

5. Still in Okta, navigate to the Assignments tab and then click the blue Assign. If you are using Groups, choose Assign to Groups. If not, choose Assign to People.
6. Assign the users or groups you’d like to grant access to ContractSafe. Ensure that their email address in Okta matches their email in ContractSafe exactly.

Pasted Graphic 7

7. Copy the provided IDP metadata and paste it to a file named ContractSafe.xml

8. Save that file and upload it to ContractSafe under Security and Integrations > Single Sign-On > Upload Metadata

9. Test!
10.  If you are experiencing any issues please contact us at support@contractsafe.com or just use the in-product help.

**Note that users must be added in both Okta and in ContractSafe with the same email address, in order for users to access ContractSafe through the SSO integration.