Skip to main content

SAML SSO with Okta

Available on: Enterprise plan
Required role: Workspace admin

Single sign-on (SSO) allows for an easier and more secure way for your workspace members to access Epidemic Sound. To learn more and to get started, please check out Guide to SAML SSO. The rest of this page describes the process of configuring an Okta tenant for SAML SSO with Epidemic Sound.

Step 1: Find the SAML properties for your workspace

In the first step you need to add an app integration for Epidemic Sound to your Okta tenant. To complete this step you will need some values from your Epidemic Sound workspace.

  1. On epidemicsound.com, navigate to the menu at the top right of the screen and select Organization.
  2. Select the Identity & Provisioning tab
  3. Ensure at least a single verified domain has been registered to your workspace, it is a requirement for SAML SSO.
  4. Click the button Configure SSO. A modal dialog will appear with the SAML properties for your Epidemic Sound workspace.

Keep the tab open, you will need the values in the next step.

saml_properties_2.png

 

Step 2: Add Epidemic Sound to Okta

  1. In another tab, navigate to your Okta admin dashboard
  2. Select the Applications tab
  3. Choose Create app integration and select SAML 2.0
  4. Give you app integration a name, i.e. “Epidemic Sound” and optionally an icon/logo and click Next.
  5. On the tab Configure SAML, input the following:
    1. Single sign-on URL: Paste the ACS URL from the SAML Properties modal.
    2. Audience URI (SP Entity ID): Paste the SP Entity ID from the SAML Properties modal.
    3. Name ID Format: Set to EmailAddress
    4. Okta username: Needs to be an email address. This can be the Okta username if emails are used as username, or Email.
      okta_props.png
  6. Configure attributes: Add attributes for the following fields listed in the table below:
    Attribute Name Format Source
    FirstName unspecified user.firstName
    LastName unspecified user.lastName
  7. Complete the setup and then go to the Sign On tab.
  8. Copy the metadata URL by clicking the Copy button. You will need the metadata URL in the next step. The URL will have the following format: https://example.okta.com/app/<identifier>/sso/saml/metadata

 

Step 3: Enable SAML SSO in Epidemic Sound

On epidemicsound.com: In the Configure SSO modal (Identity & Provisioning tab):

  1. From the SAML properties step, click Next to get to the configuration step.
  2. Enter the metadata URL (recommended) that you copied previously and click Review metadata. The metadata should be parsed and displayed below. If the parsing fails you can still enter the required information manually. The metadata URL makes it easier to update the configuration later, for example to renew certificates.
  3. Review that the information looks correct and then click Enable SSO. When enabled SSO will be optional.
    edit_sso_config.png

 

We strongly recommend you to test logging in via SSO in an “incognito” window before requiring SSO to reduce the risk of being locked out. You can use the start URL: https://www.epidemicsound.com/sso/saml/[Tenant ID]/. The Tenant ID can be found at the SAML properties step of the Configure SSO modal.

You have now configured SSO. For more details or information on how to require your members to only login with SSO, see the main SSO guide.

Related articles