Enforce SAML single sign-on with Okta

In this article, you'll learn how to set up SAML SSO with Okta, allowing you to:

• Enable your users to be automatically signed in to Productboard using their Okta accounts.
• Manage your accounts in one central location – Okta.
• Change the default role settings for users managed in Okta, from contributor to admin, maker, or viewer.

Note: If you’re not planning to use SCIM provisioning and you want to configure the default role, please follow Enforce SAML single sign-on with the default role for new users in Okta section.

To learn more about SAML app integration with Okta, take a look at this official documentation.

In this article:

• Prerequisites
• Add Productboard to your list of managed SaaS apps
• Grant access to users
• Authorize SAML SSO in Productboard

Prerequisites

To get started, you'll need the following items:

• An Okta subscription. If you don't have a subscription, you can sign up for a one-month free trial.
• A Productboard single sign-on (SSO) enabled subscription (available on the Enterprise plan).

Add Productboard to your list of managed SaaS apps

1. Log in to your Okta account and navigate to the Admin dashboard.
2. On the left navigation panel, select Applications and then select Browse App Catalog.
   
3. Find Productboard integration and click Add Integration.
   
4. Fill in the Subdomain and click Done.
   

Grant access to users

In this section, you'll enable your users to use Okta single sign-on by granting access to Productboard.

1. Make sure you are inside the Productboard application and click Assignments.

2. Select Assign and then select Assign to people.

3. Then select assign to select the user to whom you will give access to Productboard using Okta.

4. Then check if the email is correct and select Save and go back.

5. Check if your user is Assigned and then select Done.

6. The user should appear in the People filter.

Note: the default role provided to users in this step is contributor – for instructions on how to change it, check out Configuring Productboard roles in Okta correctly.

Authorize SAML SSO in Productboard

1. First, open the Sign On section in the Productboard app in Okta, then select Actions and View IdP metadata
   
2. Go to https://<your_workspace>.productboard.com/.
3. Go to Settings under the Profile menu. Enable Enforce SAML SSO.
4. Select From Metadata.
5. Paste the new URL you copied in step 1 to the Manifest URL field.
   
   
6. Click Save & authorize.
7. Click the red Authorize button.
   
   
8. You will be redirected to Productboard, where you will be asked to sign in under SAML SSO to authorize the configuration.
   
   

9. Click on Sign in with Okta account. If the configuration leads to an error, you will be able to log in to your space with "username + password" or Google SSO as you used to. Check the SAML SSO configuration and try again. To troubleshoot the issue, please go to Troubleshooting Okta issues.

How to disable SAML SSO

You can disable the SAML SSO integration at any time in the Productboard settings.

The next time members log in, those who haven't set a Productboard password will be required to reset their password to receive login instructions via email.

If you wish to delete the Productboard application from Okta, you can do it by clicking Deactivate.

And then Delete.

For troubleshooting issues, see the article Troubleshooting Okta issues.

See also

• Configuring Productboard roles in Okta correctly
• Configuring SCIM provisioning in your workspace
• Setting up SCIM provisioning with OKTA
• SCIM API
• Troubleshooting Okta issues