Single-Sign On (SSO) will allow users in an Account to go directly into the Sibme web app without having to login because they have already been authenticated by another service. Okta is a service provider that allows users to Single-Sign On into Sibme. If your company, school, or district uses Okta as a SSO authentication method, then these directions will help set up Sibme to work with Okta to provide SSO to their users.

Based on the default user settings in the Sibme platform, you should have permission to complete this task if you are one of the user levels listed below. If you do not see the screens in this article, you can ask your administrator if you have permission.

An Account Owner will need to do some setup on their Okta platform and then do some configuring in their Sibme Account Settings for Okta to be used as the SSO for your account. Please complete the following steps to configure Okta SSO in Sibme Application:

1. Login to your Okta Account. You will need permissions to be able to change configurations in Okta for this to work.

2. Select “Your Apps“ from the options found under your name in the top right corner.

3. Select Admin from the top right corner.

4. Change view from “Developer Console“ to “Classic UI.” This can be found in the top left corner.

5. Select Applications from the menu.

6. Select “Add Application.”

7. Select “SAML Service Provider” and choose Create New App.

8. Select “Add“ on the Application page.

9. Add Application Label and click Next. This will be the title of the app that users will use in Okta.

10. Open the View Setup Instruction page in a new tab or window. You will need information from this page now and later on in the process. Copy the Identity Provider Issue and paste it into the Service Provider Entity ID field on the previous page. Enter “https://api.sibme.com/acs“ into the Assertion Consumer Service URL field.

11. Set “Application username format” to “Email.”

12. Select Done at the end of Application Configurations.

13. After clicking Done, select “Identity Provider metadata“ and view the XML data. You will need to copy the Single Sign-on URL and paste it into the Single Sign-on URL field in Account Settings within Sibme.

14. Now go back and login to Sibme and go to Account Settings. Add the Single Sign-on URL from the XML data that you copied in Step 13.

15. Go back to the Configuring SAML 2.0 page you opened in a new tab/window back in step 10 and click on the CLICK HERE link to download the Identity Provider Certificate. Paste the certificate data in the X.509 Certificate field in Sibme Account Settings.

16. Go back to the Configuring SAML 2.0 page and copy the Identity Provider Issue. Paste the Identity Provider Issue into the IDP Entity ID field in Sibme Account Settings.

17. Be sure to check the Enable SAML checkbox to turn SSO on. If you want to force users to use SAML/Okta for Authentication, then also select/turn on the check-box “Force SAML Sign-on”. Click Save in Sibme Account Settings. You are all set. Now users will be able to use Okta to authenticate and login to Sibme.

● Single-Sign On Overview

● What Is Force SAML Sign-on