OKTA is an identity management service that eliminates username and password struggles.

What you can do with Profit.co – OKTA Integration

  • With your OKTA single sign-on, you can access Profit.co OKR software using your existing company credentials.
  • You can Import users from Profit.co to create new OKTA user

You must have OKTA admin access to perform the following steps:

Step 1

To enable OKTA single sign-on, you first need to add the Profit.co app in your OKTA application dashboard.

Navigate to your OKTA Admin account. Click on the Admin tab.

OCTA-Admin

Step 2

Once you click on the Admin tab, you will be navigated to the Application dashboard. On the Applications page, from the left panel select Applications. Now select Browse App Catalog.

Applications

Search for the Profit.co application.

Browse App

Click on Add button to add the Profit.co application.

Add Profit.co App

Step 3

After adding the Profit.co app, click on the Settings icon against the app and select the Assign users button. You will see the list of OKTA users of your organization. Make sure you add yourself and add users to whom you would like to provide SSO access to Profit.co OKR software.

Assign-Users

Once you click on the Assign to users option, the status will be shown as Assigned against the user’s name.

Note: Once the Configuration steps are done, Admin should assign the required users to Profit.co App to sync into Profit.co (If the users are assigned already before configuration, they must be removed and should be Reassigned in this step).

Assign-to-people

Step 4

After assigning users to the application, click on the Profit.co app.

click Profit.co App

Now click on the Sign On tab, to navigate.

Sign On

Scroll down a bit and hit the View Setup Instructions button.

View Setup Instruction

Step 5

This will redirect you to the page called How to Configure SAML 2.0 for Profit.co. Scroll down, select and copy the issuer id and X509 certificate as shown below:

Note: Copy the text between BEGIN CERTIFICATE and END CERTIFICATE

OKTA Authorize

Step 6

Now in another tab, login to your Profit.co account and navigate to Settings → Integrations → SAML SSO.

Hit the Authorize button below the OKTA logo. Paste the issuer id in the pop-up and then press Register.

Regiter OKTA

Step 7

Now go to your OKTA End-User Dashboard tab in your browser and click on MyApps. You will be able to see the Profit.co app. Clicking on the app should take you to Profit.co OKR software without asking for your username and password.

My Apps

 

Configure OKTA User Provisioning for Profit.co

Features

The following provisioning features are supported:

  • Push New Users
    Users assigned to Profit.co OKTA App will be created in Profit.co User Management.
  • Push Profile Updates
    Updates made to the user’s profile through OKTA will be pushed to Profit.co User Management.
  • Push User Deactivation
    Deactivating the user or disabling the user’s access to the application through OKTA will deactivate the user in Profit.co User Management.
  • Reactivate Users
    User accounts can be reactivated in the application.
  • User Import
    Import users from Profit.co to create new OKTA users.

Requirements

You need Admin account access in Profit.co to get API Key and SCIM Key to form the SCIM Bearer Token.

Configuration Steps

To install the Profit.co application please refer to the above steps.

Credential-DEtails

Step 1:

Select Email for the Application username format on the Sign On tab in the Installed application and Save.

Step 2:

In the Provisioning Tab, Click the Edit button and Provide the Domain (if applicable) and Bearer token.

The domain should be either https://api.profit.co or https://eu2-app.profit.co

To generate the Bearer token go to Settings → Security → API Access and get the values of API Key and SCIM Key.

Form the Bearer Token in the following Format.
→ Bearer API_KEY: SCIM_KEY

API&SCIM Key

Step 3:

In the Provisioning to App module, click the edit button and enable all checkboxes
provisioning_to_app

Click on “Test API Credentials” and Save the configuration
test_api_credentials

The supported attributes are listed below,

  • Username
  • Given name
  • Family name
  • Primary email
  • Primary email type
  • Department
  • Job title
  • Active Status

Troubleshooting and Tips

Please reach us at support@profit.co if you face any issues in configuring this Integration.