Articles in this section

How to configure OKTA SSO

Michael
  • Updated

Available for: Enterprise, Business plans

Set up by: Company Admins

It is strongly recommended to configure the feature in a separate incognito mode window of your browser. This way you keep the session in the standard window, allowing you to switch off the SSO authorization in case something is configured incorrectly.

If you wish to set up a test account before enabling SSO on production, please request it with your Account Executive or Miro Sales representative. Only those who configure SSO will be added to this test account.

Our main SSO tutorial can be seen here

Setting up Okta

Adding and configuring the app 

Click the Applications tab and choose to Browser App Catalogue:

browse_app_catalog.jpg
Applications section in Okta

Find our preconfigured app for easy setup and click to Add it:

Miro_pre-configured_app.jpg
Miro in the Okta app catalogue

Give the app in your gallery the label you prefer (other steps are optional) and click Next to switch to the Sign-On options tab:

general_settings.jpg
Miro app's general settings

In the Sign-On Options all the values we expect are already filled and no additional data are required.

⚠️ You may add customized values if you prefer, but make sure that the Default Relay State is kept empty: our standalone apps employ redirection to the end-user's browser during the authentication procedure and generate unique RelayState values for that. If you use a Default value, Okta will overwrite our data and your users will only be able to access Miro's browser version, but not any standalone apps (desktop, tablet, mobile).

sign-on_options.jpg
Sign-on methods

Click to Finish. You will be able to go back and edit any fields later if need be. 

Username format

💡 The Application username format is by default set to Okta Username which is okay if your Username is in the email format. Alternatively set the Username to Email.
⚠️ Email is the primary ID by which the user is recognized in Miro and should not be updated on the Okta's end unless you have SCIM enabled. If you don't use SCIM but need to update your end user's addresses, please reach out to our Support team.  

Setting up Miro

Scroll down to SAML Signing Certificates to get the IDP metadata. If you do not have any issued certificates, first create one. 

After that click Actions and choose to View IdP metadata like so:

view_Idp_metadata.jpg
Getting the IdP metadata

You will be directed to a separate tab that containsall the information. Copy the certificate from the line starting with <ds:X509Certificate> and paste it to Miro SSO Settings in Key x509 Certificate field.

certificate_in_Miro_SSO_settings.jpg
Key x509 certificate in Miro SSO settings

Go back to the metadata page and copy the URL from SingleSignOnService line after Locationand paste it to SAML Sign-in URL.

You are all set!

As a final step of the Miro settings add your domains and verify them. You may also configure the optional settings

If you meet any issues, please check out our list of common cases and how to resolve them.

Was this article helpful?
Yes, thanks Not really
Sorry about that! Why wasn't the article helpful?
If you would like to get a reply from the Miro Support team, please create a ticket here
Thank you for your feedback!
Error! Please try later...
Return to top

Related articles