Single Sign-On (SSO) with Okta

You can enable Single Sign-On for the Pexip apps by integrating the Pexip Service with Okta.

Your account manager at your local certified Pexip Partner needs to open a ticket with the Pexip Support team using the Single Sign-On (SSO) Setup Request form, and you need to supply your partner with details of your Okta application.

Note that:

  • SSO for the Pexip apps is only available for Enterprise User License customers with a minimum of 10 user licenses, and is not available for trials.
  • There is no synchronization with the SSO service. It supports sign-in only; company administrators still need to initiate user invitations.

This article explains the steps you (the customer company administrator) need to perform:

  1. Create a custom SAML app integration in Okta as described in this Okta article.

    The flow is shown below.

    1. Select Create App Integration.

    2. Select SAML 2.0.

    3. Enter an App name, for example "Pexip SSO".

    4. Configure the SAML settings:

      • Single sign-on URL: this is the Pexip Assertion Consumer Service — https://api.vp.vc/api/auth/v1/saml/response
      • Audience URI (SP Entity ID): this is the Pexip Entity ID — https://api.vp.vc/api/auth/v1/saml

      All of the other values under SAML settings are optional.

  2. After completing the SAML wizard you need to assign users or groups to the newly created application.

  3. Go to the Sign On tab and in the bottom right-hand corner select View SAML Setup Instructions.

  4. This takes you to a new tab that provides you with all of the values and certificate information that you need to give to your Pexip partner:

    • Identity Provider Single Sign-On URL
    • Identity Provider Issuer
    • X.509 Certificate

Pexip support will then enable your organization for SSO, and the users/groups you have added to the application will be enabled to use SSO.