Watch this video or follow instructions below.
Note: You must have the owner or admin role in Donna to be able to configure SAML SSO.
To configure SAML SSO, go to https://app.askdonna.com and login using Google OAuth, Microsoft OAuth or a magic sign in link.
Go to Settings, Security and click on Configure next to SAML SSO.
Go to http://login.okta.com and login to Okta. In the Admin Console, go to Applications, Applications, and click on Create App Integration.
Select SAML 2.0 and click Next.
Enter an App name and click Next.
Copy the ACS URL from the Donna SAML SSO Configuration dialog and paste it in the Okta Single sign-on URL field.
Copy the SP Entity ID from the Donna SAML SSO Configuration dialog and paste it in the Okta Audience URI (SP Entity ID) field.
Select EmailAddress for the Name ID format.
(Optional step) Click Show Advanced Settings.
(Optional step) From the Donna SAML SSO Configuration dialog, download the Signing certificate and the Encryption certificate.
(Optional step) In Okta, click Browse files… next to Signature Certificate and upload the Donna Signing Certificate.
(Optional step) Select Encrypted for Assertion Encryption and click Browse files… next to Encryption Certificate and upload the Donna Encryption Certificate.
Click Next.
Click Finish. You now on the Sign On tab of the newly created Okta application
On the Sign On tab in Okta, click the Copy button below the Metadata URL to copy Okta’s metadata URL.
On the Donna SAML SSO Configuration dialog, click Next to go the next step.
Paste the Okta’s metadata URL in the Donna Metadata URL field and click Verify.
Select the email domains that are allowed to use the SAML SSO and click Save.
The SAML SSO configuration is now completed.
To enable the SAML SSO login method, click on the switch next to Edit configuration button to enable it and click on Save. The SAML SSO login method is now enabled.
Note: When you disable and enable the SAML SSO login method, you will not lose the SAML SSO configuration.
In Okta on the newly created Donna application page, go to the Assignments tab.
Click Assign and click on Assign to People or Assign to Groups to either directly assign users or assign them through groups.
In the Assign dialog, click on Assign next to all users or groups you would like to assign, leave the Username unchanged, click on Save and Go Back and click on Done.
Go to https://app.askdonna.com
Click on Sign in with SSO.
Enter your email address and click Continue. You will be redirected to Okta.
Login to Okta and complete the Okta login process. After completing the Okta login process, you will be redirected back to Donna and be automatically logged in.
Make sure to test the SAML SSO login method before disabling other login methods!
In Donna, go to Settings, Security and disable other login methods you would not like your users to use and click on Save. Disabling other login methods allows you to enforce all users to login with SAML SSO.
