This step-by-step guide explains how to set up single sign-on (SSO) in the Wellness360 admin portal with Okta as your SAML Identity Provider (IdP).

 

Note:

  • Accounts should be created first in the IdP or Wellness360, and then authenticated via the IdP before logging in to Wellness360. 

  • You must be the Account Owner or an Administrator of the Wellness360 portal to get this set up for your account.

 

Configuring SAML SSO for Wellness360 with Okta

I. Log in to the Wellness360 Admin portal. Find SSO Settings on the left menu panel.


II. Setting Up in Okta

1. Log in to Okta as the administrator. Click on the Admin tab to access the administration. Click on Applications in the Menu bar and find Applications in the Items.


 Applications (menu) > Applications (item)


2. Click the Add Application button.


3. Click the green 'Create New App' button at the top right.


4. Choose Web as the Platform and SAML 2.0 as the sign-on method, then click on 'Create'.


5. Paste the Post-back URL from the Wellness360 portal into the Single sign-on URL field, and the Audience URI into the Audience URI (SP Entity ID) field.

6. Scroll down to the ATTRIBUTE STATEMENTS (OPTIONAL) section on this same page. Add 3 attributes here as shown below. Click Next.


Name           Name Format    Value
given_name     Unspecified    user.lastName
family_name    Unspecified    user.lastName
email          Unspecified    user.email


7. For the question 'Are you a customer or a partner?', choose 'I'm an Okta customer adding an internal app'. Scroll to the bottom (skipping the other optional questions) and click on 'Finish'.

 

8. Now assign your users to the newly created Wellness360 app. Click on the 'Assignments' tab to choose and add People or Groups. 


9. Choose the Sign On tab.


10. Click the 'View Setup Instructions' button. A new page will open with the Identity Provider Single Sign-On URL. Copy it. Click 'Download Certificate' to save the X.509 Certificate. You will need these to complete the next step.

 

11. Head back to the SSO Settings page in the Wellness360 portal. Paste the URL and upload the certificate that you saved from the above step.

 

12. Toggle Force SAML Sign-in if you want Users to log in to Wellness360 only via SSO with Okta. To prevent the Account Owner from getting locked out, an Account Owner can log in to the Wellness360 portal with their account password. Click on the 'Save' button.

 

Single sign-on with Okta is now configured! Your users can now log in to Okta to connect to Wellness360.
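To confirm the values entered in steps 5 and 6, you can inspect a SAMLResponse captured from your own test login. The script below is an added example, not Wellness360 or Okta code: it checks the Destination, the Audience and the three attribute statements. The URLs are placeholders and the sample response is constructed.

```python
import base64
import xml.etree.ElementTree as ET
NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
REQUIRED = ("given_name", "family_name", "email")  # attribute names from step 6
# Placeholders (assumptions): copy the real values from the SSO Settings page.
POST_BACK_URL = "https://sp.example.invalid/saml/post-back"
AUDIENCE_URI = "https://sp.example.invalid/saml/audience"

def check_response(b64_response, post_back_url, audience_uri):
    """List config problems in a base64 SAMLResponse (no signature check)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != post_back_url:
        problems.append("Destination does not match the Post-back URL")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if audience_uri not in audiences:
        problems.append("Audience does not match the Audience URI")
    attrs = {e.get("Name"): e for e in root.iterfind(".//a:Attribute", NS)}
    for name in REQUIRED:
        attr = attrs.get(name)
        if attr is None:
            problems.append(f"missing attribute {name}")
            continue
        value = attr.find("a:AttributeValue", NS)
        if value is None or not (value.text or "").strip():
            problems.append(f"empty attribute {name}")
        if attr.get("NameFormat") != UNSPECIFIED:
            problems.append(f"{name} NameFormat is not Unspecified")
    return problems

def build_sample(attrs, audience=AUDIENCE_URI):
    """Build a constructed, unsigned SAMLResponse for the demo below."""
    rows = "".join(
        f'<a:Attribute Name="{n}" NameFormat="{UNSPECIFIED}">'
        f'<a:AttributeValue>{v}</a:AttributeValue></a:Attribute>'
        for n, v in attrs.items())
    xml = (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" '
           f'Destination="{POST_BACK_URL}"><a:Assertion><a:Conditions>'
           f'<a:AudienceRestriction><a:Audience>{audience}</a:Audience>'
           f'</a:AudienceRestriction></a:Conditions><a:AttributeStatement>'
           f'{rows}</a:AttributeStatement></a:Assertion></p:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    good = {"given_name": "Ada", "family_name": "Lovelace", "email": "ada@example.invalid"}
    print(check_response(build_sample(good), POST_BACK_URL, AUDIENCE_URI))
    print(check_response(build_sample({"email": ""}), POST_BACK_URL, AUDIENCE_URI))
```

An empty list means the response matches the configuration. The script does not validate the signature against the X.509 certificate from step 10.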