In this article, you'll learn how to set up SAML SSO with Okta, allowing you to:
- Enable your users to be automatically signed in to Productboard using their Okta accounts.
- Manage your accounts in one central location – Okta.
- Change the default role settings for users managed in Okta, from contributor to admin, maker, or viewer.
To learn more about SAML app integration with Okta, take a look at this official documentation.
In this article:
- Prerequisites
- Add Productboard to your list of managed SaaS apps
- Grant access to users
- Change the default role for new users
- Authorize SAML SSO in Productboard
Prerequisites
To get started, you'll need the following items:
- An Okta subscription. If you don't have a subscription, you can sign up for a one-month free trial.
- A Productboard single sign-on (SSO) enabled subscription (available on the Enterprise plan).
Add Productboard to your list of managed SaaS apps
- Log in to your Okta account and navigate to the Admin dashboard.
- On the left navigation panel, select Applications and then select Browse App Catalog.
-
Find Productboard integration and click Add Integration.
- Fill in the Subdomain and click Done.
Grant access to users
In this section, you'll enable your users to use Okta single sign-on by granting access to Productboard.
1. Make sure you are inside the Productboard application and click Assignments.
2. Select Assign and then select Assign to people.
3. Then select assign to select the user to whom you will give access to Productboard using Okta.
4. Then check if the email is correct and select Save and go back.
5. Check if your user is Assigned and then select Done.
6. The user should appear in the People filter.
Note: the default role provided to users in this step is contributor – for instructions on how to change it, check out Configuring Productboard roles in Okta correctly.
Change the default role for new users
- Select Directory and then click on Profile Editor in your Okta application.
- Then, in the Productboard Profile, select Profile.
- Then click Add Attribute.
- Make sure you fill the following fields correctly:
- Display name: PB Role
- Variable name: pb_role
- Check the enum checkbox with the text "Define enumerated list of values".
- Then fill the Display name and Value fields with the following values both: admin , maker, contributor and viewer
• And click Save.
- Make sure you get confirmation that the attribute pb_role has been added.
- Then we need to click on Applications and then on Productboard.
- Make sure you select Assignments in the Productboard profile and then click on the person's name for whom you would like to change the role.
- Click on Applications and then edit.
- You should see pb_role. You can change it to the role that the user should have in Productboard and then click Save.
- Log in with this user using Okta. You will see that the user has the role.
Authorize SAML SSO in Productboard
-
First, open the Sign On section in the Productboard app in Okta, then select Actions and View IdP metadata
- Go to https://<your_workspace>.productboard.com/.
- Go to Settings under the Profile menu. Enable Enforce SAML SSO.
- Select From Metadata.
- Paste the new URL you copied in step 1 to the Manifest URL field.
- Click Save & authorize.
- Click the red Authorize button.
- You will be redirected to Productboard, where you will be asked to sign in under SAML SSO to authorize the configuration.
9. Click on Sign in with Okta account. If the configuration leads to an error, you will be able to log in to your space with "username + password" or Google SSO as you used to. Check the SAML SSO configuration and try again. To troubleshoot the issue, please go to Troubleshooting Okta issues.
How to disable SAML SSO
You can disable the SAML SSO integration at any time in the Productboard settings.
The next time members log in, those who haven't set a Productboard password will be required to reset their password to receive login instructions via email.
If you wish to delete the Productboard application from Okta, you can do it by clicking Deactivate.
And then Delete.
For troubleshooting issues, see the article Troubleshooting Okta issues.
Comments
Article is closed for comments.