How to self-configure SSO with Okta

Loom uses single sign-on (SSO) for Enterprise users to simplify the sign-in process and allow access to Loom using one authentication source, Okta. Your Workspace must be subscribed to the Enterprise plan if you wish to set up SSO.

If you're the admin of your company's Loom account, you can configure SSO using the following steps:

  1. Go to manage workspace by clicking on your organization's name at the top left of your screen.

  2. Open the security tab on the right.

  3. Toggle on Single Sign On (SSO).

  4. Select Okta as your IdP for configuration. We don't currently support other IdPs, but we will soon. Keep this tab open, as you'll be returning to your Loom workspace later.

  5. Open up your Okta admin portal and set up a new application using the Applications tab. Select SAML 2.0 as your sign on method. Configure your new integration by naming it Loom and adding a logo if you want.

  6. Configure your new integration by naming it Loom. You'll also want to check the boxes to prevent displaying the app icon to users.

  7. You'll now see Okta's SAML Settings. Start with the General section below. You'll need to grab some information from Loom and input it into Okta:

    • Paste the SSO URL from Loom into the Single sign on URL field on Okta.
    • Paste the Audience URI from Loom into the Audience URI (SP Entity ID) field on Okta.
    • For Name ID format, choose EmailAddress.
    • For Application username, choose Email.
    • For Update application username on, choose Create and update.

  8. Scroll down to Attribute Statements in Okta. You'll need to map your fields:

    • For email, map to the value within your organization's Okta setup.
    • For firstName, map to the value within your organization in Okta. Note: It's important to follow the same capitalization format in your organization when you add this name.
    • For lastName, map to your organization's Okta value as well. Capitalization matters here, too.

    Loom doesn't yet support group attribute statements, so you can leave that portion blank.

  9. Hit next and fill out the final Okta form according to your own preferences. This won't impact anything in your Loom workspace.

  10. Your application is ready! You'll now need to take some information from Okta and bring it back to your Loom portal. Start by clicking View Setup Instructions in your Sign on Methods settings.

    • Copy the URL listed under Identity Provider Single Sign-On URL in Okta and paste it into your Loom Workspace settings where it says Single Sign-On URL.

    👉Note: Okta provides two URLs in its setup instructions. Make sure you don't copy the Identity Provider Issuer by accident.

    • Upload your X.509 Certificate from your setup instructions in Okta (you'll see the option to download this) to your Loom Workspace settings.

  11. In your Loom workspace settings, add the domains you want to authorize. You'll also need to choose destinations to send a verification email (admin@domain.com, for example). After adding the domains, you'll see that they're listed as pending validation.

  12. Check to make sure that there are no users with outside domains already invited to your Workspace. If there are any existing members of your workspace with domains other than domain.com, they'll be blocked from logging into Loom. Save these settings.

  13. Check the email you listed as the destination for your verification email in step 11. You should receive a message from Loom verifying the domain. After verifying the domain, you'll see that your domain is now verified in your Loom security settings and listed as an authorized domain.

  14. SSO is now turned on and can be toggled on and off by an admin. All users with your authorized domains will be required to authenticate via SSO.

  15. Add all users on your team or organization to the application in Okta. This will make it easier for Workspace members to invite their teammates. Inviting them through Loom as well will give them an email invitation to easily sign up.

    👉Note: Loom does not currently support IdP-Initiated SSO, but we recommend you bookmark the Loom application in Okta so that your team can access it from the Okta Portal. You'll also want to check the boxes to prevent displaying the app icon to users. You can do this in Okta from the General tab for managing the application.


Here's a video walkthrough of these steps:

 

Questions, comments, concerns? Contact us here 👈

Happy Recording! 🎥 😄
