To enable SSO with Okta, login as an owner of your FireHydrant organization, and click "Organization" on the left hand navigation. From there click "Single Sign On".

On this page, you'll see an "Enable SSO" checkbox. Make sure it is checked. Once checked off, you'll see additional fields appear asking for your identity provider specific information.


On Okta, head to the FireHydrant integration SSO page and click "View Setup Instructions"


On this page, copy the Single Sign On URL, Identity Provider Issuer, and X509 certificate values into the FireHydrant single sign on settings.

Domains

Domains are the email domains you send and receive from. For example, if your email is "[email protected]", you'll add "firehydrant.io" to this list. When a user visits the login page on FireHydrant instead of visiting Okta to login, when they type in their email they'll see a button appear to go to Okta instead.

Just in time provisioning

When a user is authenticated via Okta, they are automatically added to the organization with a "member" role if they do not have an account. Otherwise, accounts are matched on the email provided by Okta on a successful login.

Testing

It is recommended you leave your session in FireHydrant open and visit Okta in a new window or tab and attempt to login with your newly setup integration. This is to prevent getting locked out of your account in the setup process. If you do encounter a lockout, please email [email protected] and we'll help you get back in.

Did this answer your question?