SSO: Okta integration

Available on Core, Plus, Select, and Enterprise plans
Tip: You’ll need Admin or Account Owner access to your Dscout account to set up SSO. If possible, we also recommend partnering with your organization’s IT team as they will be most familiar with your organization’s security details and systems.

Single sign-on (SSO) is a faster, easier, and more secure way for users to log in to the Dscout platform. SSO works by establishing a connection between a service provider (SP)—in this case, Dscout—and an identity provider (IdP) like Okta, OneLogin, or Google. Once configured, Dscout can rely on your IdP to authenticate users rather than requiring users to enter a standard set of credentials like an email and password.

Dscout supports the following methods of SSO:

Dscout offers a dedicated Okta integration to help speed up SSO configuration. With this integration, you can set up:

  • IdP-initiated SSO.
  • SP-initiated SSO.
  • SCIM user provisioning.

This article walks you through enabling SSO using the Okta integration. To learn how to set up SCIM user provisioning using this integration, see Dscout and Okta SCIM integration.

Contents

Prerequisites

To use Dscout’s Okta integration, you must have a administrative access to an existing Okta account.

Enable SSO using the Okta integration

Enabling SSO using the Okta integration requires configuration in both Okta and Dscout. The following process will have you start in Okta. Then, you’ll complete the configuration in Dscout. Finally, you’ll test your configuration and turn it on for your Dscout users.

Configure Okta

Dscout’s Okta integration takes care of the most of the required SSO configuration. However, you’ll need to enter a few details about your specific Dscout account, as well as confirm the users you want to have access to Dscout are assigned properly in Okta.

To configure Okta:

  1. Add the Dscout integration to your Okta account.
  2. From your Okta Admin Console, navigate to Applications > Dscout.
  3. Click the Sign On tab.
  4. Under Settings, click Edit.
  5. Enter https://app.dscout.com/efflux/home/<ACCOUNT_ID> in the Default Relay State field.
    Note: Be sure to replace <ACCOUNT_ID> with your actual Dscout account ID. You can find this in the URL of any page within Dscout. For example, in the URL app.dscout.com/account/home, account is the account ID.

    relay_state.png
  6. Under Advanced sign-on settings, enter your Dscout account ID in the Account ID field. This is the same account ID as used in the previous step.
    account_id.png
  7. Click Save. Okta will provide you with an XML metadata file. Save this for use in the next section.
  8. Navigate to the Assignments tab and assign Dscout to any users or groups you want to have access to the application.

With the above complete and your metadata file on hand, you’re ready to configure SSO within Dscout.

Configure Dscout

Now that you’ve configured Okta and have your metadata file, you’ll configure SSO in Dscout. In this section, you’ll set up SSO in test mode so you can ensure it’s working properly. Later, you’ll test your configuration and enable it.

To configure SSO in Dscout:

  1. From the Dscout dashboard, click Account management.
    SAML_SSO_01.png
  2. Select the Settings tab.
  3. Select SSO in the sidebar.
  4. Click Edit.
    SAML_SSO_02.png
  5. Select SAML from the Authentication type drop-down.
  6. Select Test mode from the Status drop-down.
    SAML_SSO_03.png
  7. Under SSO enforcement select which users to require SSO to log in. You have the following options: 
    • Only require users with specified email domain to use SSO. (Recommended if your Dscout account is accessed by users outside of your organization. For example, contractors or consultants.)
    • Force everyone regardless of email domain to use SSO. (Recommended if your Dscout account is only accessed by users inside of your organization.)
  8. (If applicable) Enter the SSO domain you want to require SSO when logging in.
    SAML_SSO_04.png
  9. Enter email in the Mapping attribute field.
  10. Copy and paste the metadata provided by Okta into the Metadata (XML) text box.
  11. Click Save.

Now, your SSO configuration has been saved in Test mode. The means that users can still sign in using their standard email and password, but they also have the option of using SSO. Next, you’ll test your configuration to ensure it’s working properly, then enforce it.

Test your SSO configuration

With SSO in Test mode, have one of your Dscout users attempt to log in using SSO. This user should be someone with your company’s domain to ensure the test is accurate. If the user runs into any issues, revisit the steps for configuring both Okta and Dscout to ensure all settings are correct. Once the user is able to log in using SSO without any problems, proceed to the next section.

Enable SSO in Dscout

Once you’ve tested your SSO configuration and have verified it’s working as expected, the next step is to enable it for all users. Once SSO is enabled, it will be enforced for either all users or all users with your company domain (depending on your SSO enforcement selection).

To enable SSO:

  1. On the SSO settings page, click Edit beside your SSO configuration.
  2. Select Enabled from the Status drop-down.
    SAML_SSO_05.png
  3. Click Save.

Now, you’re brought back to the SSO settings page where you’ll see that SSO is set to Enabled. Users currently logged in to Dscout will not be logged out, but users will be prompted to use SSO the next time they log in to the platform.

Disable Okta SSO

If you no longer wish to use SSO on your Dscout account, you can disable it from the SSO page of your account settings.

To disable SSO:

  1. From the Dscout dashboard, click Account management.
  2. Select the Settings tab.
  3. Select SSO in the sidebar. The SSO page appears showing your current SSO configuration.
  4. Click Edit.
  5. Select Disabled from the Status drop-down.
    SAML_SSO_06.png
  6. Click Save.

Now, SSO is disabled for your Dscout account. Users currently logged in will not be logged out, however they will be prompted to use their standard email and password credentials the next time they log in to the platform. If you want to turn SSO back on, simply set the Status to Enabled again, but be sure your IdP details are still the same. If your IdP details have changed, complete the configuration like new.

Troubleshooting Okta SSO

If you encounter any errors while setting up SSO using the Okta integration, use the following troubleshooting tips to resolve them.

Users belonging to multiple Dscout accounts

It’s possible for a single user to belong to multiple Dscout accounts. However, a single user account can only be associated with one Dscout account where SSO is enabled. You have two options to resolve this issue:

  • Work with the listed user(s) to identify any of your organization’s Dscout projects they need to maintain access to. Then, have the user create a new account using a different email address that you can grant access to your Dscout account as well as the necessary projects. Finally, delete the user’s old account from your Dscout account. Once all conflicts have been resolved, you will no longer see this error and can proceed with enabling SSO.
  • If the listed user(s) would rather keep their current account associated with your Dscout account, or if they don’t know which other Dscout account they might be associated with, have them reach out to support@dscout.com for help resolving the conflict. Once all conflicts have been resolved, you will no longer see this error and can proceed with enabling SSO.
Note: Dscout will allow you to turn SSO on in Test mode if it is also set to Test mode in the Dscout accounts where you have conflicting users. Follow the guidance in your specific error message to proceed, but be aware this could cause conflicts for other Dscout administrators if they attempt to change the status of their SSO configuration.

Was this article helpful?

1 out of 2 found this helpful
Have more questions? Submit a request

Articles in this section