Enforce SAML single sign-on with Okta

 

V12 4:24 Ent.svg

 

In this article, you'll learn how to set up SAML SSO with Okta, allowing you to:

  • Enable your users to be automatically signed in to Productboard using their Okta accounts.
  • Manage your accounts in one central location – Okta.
  • Change the default role settings for users managed in Okta, from contributor to admin, maker, or viewer.

To learn more about SAML app integration with Okta, take a look at this official documentation.

In this article:

Prerequisites

To get started, you'll need the following items:

Add Productboard to your list of managed SaaS apps

  1. Log in to your Okta account and navigate to the Admin dashboard.
  2. On the left navigation panel, select Applications and then select Browse App Catalog.
    Untitled - 2023-04-20T164739.046.png
  3. Find Productboard integration and click Add Integration.
    Untitled - 2023-04-20T164934.159.png
  4. Fill in the Subdomain and click Done.Untitled - 2023-04-20T165122.338.png

Grant access to users

In this section, you'll enable your users to use Okta single sign-on by granting access to Productboard.

1. Make sure you are inside the Productboard application and click Assignments.

2. Select Assign and then select Assign to people.

Screenshot_2021-04-20_at_15.57.09.png

3. Then select assign to select the user to whom you will give access to Productboard using Okta.

Untitled - 2023-04-20T165336.344.png

4. Then check if the email is correct and select Save and go back.

Screenshot_2021-04-20_at_15.58.36.png

5. Check if your user is Assigned and then select Done.

Screenshot_2021-04-20_at_16.08.50.png

6. The user should appear in the People filter.

Screenshot_2021-04-20_at_16.06.39.png

Note: the default role provided to users in this step is contributor – for instructions on how to change it, check out Configuring Productboard roles in Okta correctly.

Change the default role for new users

  1. Select Directory and then click on Profile Editor in your Okta application.
    image (82).png
  2. Then, in the Productboard Profile, select Profile.
    image (83).png
  3. Then click Add Attribute.
    image (84).png
  4. Make sure you fill the following fields correctly:
    • Display name: PB Role
    • Variable name: pb_role
    • Check the enum checkbox with the text "Define enumerated list of values".
    • Then fill the Display name and Value fields with the following values both: admin , maker, contributor and viewer

• And click Save.
image (85).png

  1. Make sure you get confirmation that the attribute pb_role has been added.
    image (86).png
  2. Then we need to click on Applications and then on Productboard.
    image (87).png
  3. Make sure you select Assignments in the Productboard profile and then click on the person's name for whom you would like to change the role.
    image (88).png
  4. Click on Applications and then edit.
    image (89).png
  5. You should see pb_role. You can change it to the role that the user should have in Productboard and then click Save.
    image (90).png
  6. Log in with this user using Okta. You will see that the user has the role.

Authorize SAML SSO in Productboard

  1. First, open the Sign On section in the Productboard app in Okta, then select Actions and View IdP metadata
    Untitled - 2023-04-20T170654.666.png
  2. Go to https://<your_workspace>.productboard.com/.
  3. Go to Settings under the Profile menu. Enable Enforce SAML SSO.
  4. Select From Metadata.
  5. Paste the new URL you copied in step 1 to the Manifest URL field.
    Untitled - 2023-04-20T171444.701.png
  6. Click Save & authorize.
  7. Click the red Authorize button.
    Untitled - 2023-04-20T171754.275.png
  8. You will be redirected to Productboard, where you will be asked to sign in under SAML SSO to authorize the configuration.

    Untitled - 2023-04-20T171916.873.png

9. Click on Sign in with Okta account. If the configuration leads to an error, you will be able to log in to your space with "username + password" or Google SSO as you used to. Check the SAML SSO configuration and try again. To troubleshoot the issue, please go to Troubleshooting Okta issues.

How to disable SAML SSO

You can disable the SAML SSO integration at any time in the Productboard settings.

The next time members log in, those who haven't set a Productboard password will be required to reset their password to receive login instructions via email.

If you wish to delete the Productboard application from Okta, you can do it by clicking Deactivate.
image (67).png
And then Delete.
image (68).png

For troubleshooting issues, see the article Troubleshooting Okta issues.

See also

Was this article helpful?
1 out of 2 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more
Our Support hours:
Monday to Friday from 9:00 am - 2:00 am CET. Monday to Friday from 0:00 am - 5:00 pm PST.
Productboard Academy
Become a Productboard expert with self-paced courses, quick tip videos, webinars and more.
Product Makers Community
Connect with product leaders, share and find product jobs, and learn how to approach similar challenges. Come join our Product Makers community.