SSO via SAML 2.0 is only available on Vitally's enterprise plans. Contact [email protected], your account manager, or the team via live chat to discuss upgrading to a plan that supports SAML 2.0
In your Okta application settings, add a new application and select "Create New App." Choose "Web" as the platform and "SAML 2.0" as the sign on method:
Name the application "Vitally" and choose the appropriate visibility settings for your organization:
You can use the following image for the app logo:
Add the following settings to your SAML config. You'll need to "Show Advanced Settings" to add all of the encryption-related fields.
The encryption certificate you need is attached here:
The table here contains the configuration you should setup for the Vitally application's SAML settings:
Single sign on URL
Name ID format
Key Transport Algorithm
Enable Single Logout
Authentication Context Class
Honor Force Authentication
SAML Issuer ID
The end result will look like this:
You can configure Okta to send attributes about each user to Vitally that will be synced on login. Vitally supports the following attributes:
The user's first name
The user's last name
The user's permission level in Vitally. 1 = Restricted, 2 = Admin
The user's job title
The user's home timezone, used for sending windows and email notifications
The user's profile picture
We recommend setting up at least the firstName and lastName attributes:
Once you've setup Vitally as a service provider in Okta, we'll need to manually enable Okta as the identity provider in Vitally. From the Okta application, press View Setup Instructions:
Vitally will need all three pieces of information displayed on that page to finish setup:
Identity Provider SSO URL
Identity Provider Issuer
X.509 Certificate (Download this and send as an attachment to your Vitally contact)
That's it! When Vitally has completed our server-side setup, you'll be presented with the following login screen the next time you login!
Yes, Vitally supports SAML just-in-time provisioning. When a user logs in for the first time using SAML, a user will created for them in Vitally. If you've added the vitallyRole attribute, that will determine the user's permission level in Vitally. Otherwise, they will default to being a 'restricted' user.
No, password login is disabled as soon as SAML 2.0 login is enabled.
Existing user sessions will be valid for up to 7 days. Ask each of your users to log out and log back into Vitally to force them to immediately start using SAML login.