Set up OKTA Single Sign-On (SSO)

This guide provides all you need to know about configuring and testing your Okta single sign-on (SSO) integration with Perlego.

Table of contents

1. Configuration
   1. Create an application
   2. Attribute release
   3. Send your configuration details
2. Testing

Configuration

Before you start the configuration make sure:

• Your organisation is on the Enhanced or Ultimate plan OR you have purchased the SSO integration as an add-on. 
• You have access to the Okta portal with admin permissions.
• You have an SSO account you can test with (this might be the same email address as your admin account).
• You have the Perlego admin access link.

Create an application

You’ll need to set up an Application Integration specifically for Perlego. Guidance from Okta is available on their help site.

1. Sign in to your Okta account.
2. In the left sidebar, select Applications.
3. Click Create App Integration.

4. A modal should appear, allowing you to create an integration. Select OIDC - OpenID Connect.

5. Under Application Type, select Single-Page Application and click Next.

6. Complete the New Single-Page App Integration form.

   1. Enter a name for your new Application integration, preferably something that will be associated with Perlego.
   2. Ensure Grant type is set to Authorization Code.
   3. Enter https://perlego.com/login and https://www.perlego.com/login into the Sign-in redirect and Sign-out redirect URLs.

7. Scroll to the bottom of the form and select Skip group assignment for now.

8. Click Save. You should now be presented with a banner to say the application was created and a screen where you can view and edit your application.

9. You have two options for brokering access:

   • Grant access to all users.
   • Opt-in specific users and groups to Perlego.

   To grant access to all users, complete the following steps:

   1. Scroll down to the Federation Broker Mode section, click Edit .

   2. Click Enable Federation Broker Mode.

   3. Confirm by clicking Continue.

   4. Finally, click Save.

To opt-in specific users and groups to Perlego, choose to keep Federation Broker Mode  disabled and select users and groups to be able to use the SSO integration using the Application Assignments section.

Attribute release

We require the following attributes to be released for the integration to work:

userName

email

given_name

family_name

You can check this by navigating to Directory > Profile Editor and then clicking on the profile for the application integration that was created for Perlego.

Send your configuration details

Once you’ve created the application and released the required attributes, you’ll need to tell us your Okta domain and Client ID by completing the Single Sign-On set up form.

Here’s how you can find these details:

• Your Okta domain can be found by following the instructions on the Okta developer portal. It should look similar to this: [example.okta.com](<http://example.okta.com>)
• You’ll need to tell us the Client ID for the application integration created for Perlego, which can be found in the General tab of the Application page.

Testing

We’ll let you know when your account is fully configured and ready for testing. You’ll need an access link to test your account. You can either use the Admin Access Link we provide you or create one from the Organisation Subscription Manager.

• Open the access link and accept the terms and conditions .
• Click Create your account .
• You’ll be re-directed to the Okta authentication page.
• Enter your Okta credentials for your test account.
• Once entered you’ll be logged in to Perlego.

You can always check the account has been added by visiting the Perlego Organisation Subscription Manager.