This article outlines how to configure your account to authenticate via a SAML provider such as Okta.
You must first have a Great Question account created with an Enterprise plan.
Note: Work is still happening to have Great Question listed in the Okta Catalog and published to the OIN. For the time being the application will have to be created manually.
Step 1: Register application in Okta
Create application in Okta
- In Okta, navigate to the Applications tab and click Applications.
- Click Add application > Create new app.
- In the dialog, select SAML 2.0 as the sign on method.
- Click Create.
Okta Application Settings
- Map first_name to user.firstName
- Map last_name to user.lastName
- Map email to user.email
Step 2: Setting up application in Great Question
Obtain credentials for Great Question from Okta
Once the application is created, complete the following steps:
- From the Great Question application in Okta, click Sign on.
- From here, click View Setup Instructions.
- These are the credentials you need:
Add credentials to Great Question
From your account on greatquestion.co:
- Navigate to Company Profile in Account
- In the authentication form:
- toggle on SAML Authentication
- add "Identity Provider Single Sign-On URL" to Idp sso target url
- Add "Identity Provider Issuer" to Idp entity
- Add "X.509 Certificate:" to Idp cert
- Click Update Account
SAML is now set up on your Great Question account
Step 3: Signing in via SAML
Any user with access to Great Question in your Okta will automatically be able to sign in from their Okta profile. By default they will be provisioned with a free observer account
Users that already have accounts on Great Question can connect Okta and sign in via https://greatquestion.co/sso