Applicable to the following Sastrify plans:

Legacy*EssentialProPlatinum


* Legacy includes all plans signed before February 29, 2024.


Sastrify is now included in the Okta integration catalog. Pro & Platinum customers using Okta can securely login to Sastrify directly from Okta, bypassing the Sastrify login page and password management. Streamlined access for greater convenience.


In this configuration guide, you will learn how to configure Okta single sign-on (SSO) login and authentication for accessing Sastrify.



IN THIS ARTICLE


To set up Okta SSO as your login method for Sastrify, follow this 4-step process:

  1. Select "Login with Okta" as your login method in your Sastrify platform.
  2. Create an application for Sastrify in your Okta account and generate your credentials: Client ID, Client Secret, and Issuer URL.
  3. Send the credentials to Sastrify.
  4. Create a bookmark in Okta. 


Each step is detailed in the following sections.


Step 1: Select the login method in Sastrify



From your Sastrify app,

  1. Click on Settings in the left menu.
  2. Select "Users & Authentication".
  3. Under Authentication Settings, click Edit
  4. Select "Login with Okta".
  5. Click "Enable SSO"



After completing Step 5, you will receive a confirmation notifying you that your SSO enablement request has been sent to the Sastrify App Support team. This will trigger an email prompt for you to later send the required information (Step 3) to complete the configuration process.


Now that step 1 is complete, let's move on to step 2 to start generating the required credentials from your Okta account.


Step 2: Create an app in Okta and generate credentials


First, you will need to create an app for Sastrify within your Okta account. To do this,

  1. Sign in to your Okta organization using your admin account.
  2. In the admin console, go to Applications > Applications.
  3. Click Create App Integration.
  4. Select the sign-in method type "OIDC - Open ID Connect" and the application type "Web Application".
  5. Make sure you enter the following callback URL https://login.sastrify.com/login/callback as the sign-in indirect URL


After successfully creating the app integration in your org, search for it in the Applications page. 

  1. Click App Integration to open the settings page.
  2. On the General tab, the Client Credentials section shows the client ID and client secret value for your app integration. Copy to Clipboard button beside each text field.

  3. For the Issuer URL, click your username in the upper right corner of the Admin Console. The domain will appear in the drop-down menu located directly below the username. 


By now you should have all the required credentials: Client ID, Client Secret and Issuer URL

Proceed to step 3 to send these credentials to our App Support team to complete the configuration process. 


Step 3: Send the credentials to Sastrify


Now, simply send all the credentials to Sastrify by replying to the email generated from Step 1.


Once we receive your credentials, our Support Team will begin enabling the SSO login method within an SLA of 2 business days. You will be notified via email once the configuration is fully enabled.



Step 4: Create a bookmark in Okta


This last step can be done immediately after completing step 3. You don't need to wait for Sastrify's confirmation to start creating a bookmark. 


Creating a bookmark is also important if you want to log in to Sastrify directly from Okta.


1. Sign in to your Okta organization using your admin account.

2. In the admin console, go to Applications > Browse App Catalog.


3. In the Search... field, enter Bookmark App. Click on the app integration called Bookmark App.


4. Click the "Add integration" to create a new Bookmark App.



5. In the General Settings for the Bookmark App, enter a label for the external application and the URL of the sign-in page for the app provided by Sastrify. Click Done to create the Bookmark App.



Please contact the Support team through your Sastrify app if you would like to have this set up so we can send you the URL parameter needed to configure this.

Learn more about Sastrify App Support in this article.




6. As a final step, make sure that the users who should have access to Sastrify are assigned to this bookmark in Okta by clicking "Assign".



Step 5: How to log into Okta from Sastrify

1. Once Okta has been enabled, you and your team will receive an email to let you know of this change. Click on "Continue to log in":


2. You will be redirected to the Sastrify login page. Please enter your email as usual, and you will be redirected to Okta from there:


Frequently Asked Questions


Q: What type of data does this feature retrieve and consume from my Okta account or environment?

A: The authentication setup process will retrieve and consume the following data from Okta:

User profile information: This includes user attributes such as name, email, user ID, and any other custom attributes you have configured in Okta.

Authentication information: Tokens such as the ID token, access token, and update token are exchanged during the authentication process.


Q: How are these tokens stored?

A: Tokens are securely cached in our identity management database infrastructure as they are typically used for session management and API access control. In addition to the relevant tokens, the authentication process also stores and maintains logs of authentication events, which may include timestamps, IP addresses, and other metadata for security and auditing purposes.


Q: How often is the API called?

A: Every 168 hours i.e. every 7 days