Requirements
- Admin access to an Okta tenant
That’s it for requirements! All Ben instances are configured for SAML by default, so you just need to follow the rest of the guide to get up and running
Supported Features
- IdP-initiated SSO
- SP-initiated SSO
For more information on the listed features, visit the Okta Glossary.
Configuration Steps
<aside>
⚠️
Enabling SAML will affect all users who use the Ben app. Ben doesn't provide a backup sign-in URL where users can sign in using their regular username and password. If necessary, contact Ben Support ([email protected]) to turn off SAML for your instance.
</aside>
- In the Okta dashboard, navigate to Applications and then select the Applications sub-menu.
- Click on Browse App Catalog and search for “Ben” and add the application.
- Click the Sign On tab on the application and copy the Metadata URL
- Contact the Ben Support team ([email protected]) and request that they enable SAML for your account, including the Metadata URL with your request
- The Ben Support team will process your request and will provide you with the Customer ID value
- In Okta, select the Sign On tab for the Ben app, then click Edit.
- Scroll down to Advanced Sign-on Settings.
- Enter your Customer ID (step 5) into the corresponding field.
- Click Save.
SAML attributes
The required SAML claims are preconfigured in the marketplace app, but just in case you need them, we’ve compiled them in the table below:
| Name |
Value |
| email |
user.email |
| given_name |
user.firstName |
| family_name |
user.lastName |
SP-initiated SSO
- Navigate to ben.thanksben.com