Setup SSO with Okta

Set up Stomio for Managers in your Okta organization.

Contents

• Supported features
• Requirements
• Configuration steps
• Logging into Stomio using Okta
• Advanced topics

Supported Features

• Service Provider (SP) initiated sign in flow: The authentication occurs when the user attempts to log in to the application from Stomio.
• Identity Provider (IdP) initiated sign in flow: The authentication occurs when the user attempts to log in to the application from the Okta dashboard.

Requirements

• Admin access to a Stomio workspace
• Admin access to an Okta organization

Configuration Steps

1. Install Stomio for Managers

1. In the Okta Dashboard, navigate to Applications.

Okta Applications menu

2. Click the Browse App Catalog button.

Okta Browse App Catalog button

3. Search for "Stomio for Managers" and select it from the search results.

Search results for Stomio for managers

4. Click Add Integration to add it to your Okta organization.

Okta Add Integration screen for Stomio for managers

5. Finish the installation by clicking Done.

Finish adding Stomio for managers in Okta

2. Connect Stomio for Managers Application

1. In Stomio, go to Space > Integrations.

Stomio Space menu showing Integrations

2. Click the connect button in the Okta for Managers card under the Single Sign-On section.

Okta for Managers card in Stomio

3. In the Okta Dashboard, copy your Okta Organization URL from the top of your profile.

Copy the Okta organization URL from the profile menu

4. In Stomio, paste the URL into the corresponding input field.

Paste the Okta URL into Stomio

5. In the Okta Dashboard, copy the Client ID for your installation of Stomio for Managers (this was moved to Sign On on newer versions of Okta).

Copy the client ID from the Okta Stomio for managers app

6. In Stomio, paste the Client ID.

Paste the client ID into Stomio

3. Grant Cross-Origin Access to Stomio

1. In the Okta Dashboard, go to Security > API > Trusted Origins.
2. Select Add Origin and enter Stomio as the name for the organization origin.
3. In the Origin URL box, paste the Stomio URL: https://app.stomio.io
4. Make sure CORS and Redirect are selected. Click Save.

Logging into Stomio using Okta

There are two ways to log into Stomio. Remember to assign the users or groups that should be able to log in.

From Stomio

1. In Stomio, copy the link provided on the Okta for Managers setup page.

Copy the Stomio Okta sign-in link

2. Paste the link into your browser's URL bar and press enter.
3. You will be redirected to the Okta login page. Enter your credentials.
4. If successful, you will be redirected back to Stomio.

From Okta Dashboard

1. Log in to your Okta organization.
2. Click on the Stomio for Manager icon in the My Apps section.
3. You will be redirected to your configured Stomio workspace.

Advanced Topics

How to Map Okta User Attributes to Role in Stomio

Okta admins can optionally map a specific user attribute to a Stomio manager role. Available roles in Stomio:

• admin
• manager
• viewer

Important: This mapping only applies at new manager provisioning through Okta. Once the user is created in Stomio, role changes made by Admins inside Stomio are not synchronized back with the mapping in Okta.

Steps:

1. Decide what user attribute you want to use to map to Stomio's Role (e.g., a custom organization "Role" attribute).
2. Add a custom attribute stomio_role of type string to the appuser of the Stomio app.

Okta Profile Editor showing the stomio_role custom attribute

3. Map the custom user attribute to the stomio_role attribute.

Okta mapping from a custom user attribute to stomio_role

4. Once mapped, depending on the value of the custom attribute, the user will be assigned the corresponding role in Stomio upon provisioning.
5. Values must match exactly: admin, manager, or viewer. If not, the default role manager will be used.

How to Reserve a Specific Domain

To prevent users from creating a separate workspace using a specific email domain, contact Stomio support to verify and add the domain to your workspace.