Note: Service-Provider-initiated SSO is the only SSO implementation supported by Docubee.  Identity-Provider-initiated SSO is not offered at this time.

Configuring Okta with Docubee involves the following:

1. Creating an app in Okta
2. Configuring your app in Okta
3. Configuring your Okta credentials in Docubee
4. Verifying your app

Create an App in Okta

This document will assume that the Customer’s Admin is aware of how to set up and use Okta, although we will provide some basic information here.

• Docubee does not offer a prebuilt app for Okta, so the Enterprise App must be added via the Create App Integration path.
• Docubee SSO (Single Sign-On) supports only SAML 2.0 apps.
• Users must be assigned to the App in order to have access to Docubee.

Configure your App in Okta

1. Copy the following values from Docubee and paste them in Okta:
   1. Copy the Audience value from Docubee and paste it in the Audience URI (SP Entity ID) field in your Okta app.
   2. Copy the Assertion Consumer Service (ACS) URL value from Docubee and paste it in the Single sign-on URL field in your Okta app.
2. In your Okta app, uncheck Use this for Recipient URL and Destination URL.
3. Copy the Recipient URL value from Docubee and paste it in both the Recipient URL and Destination URL fields in Okta.
4. In Okta:
   1. In the Attribute Statements (optional) field, add the following (this is a required value for use with Docubee):
      • Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
      • Name Format: URI Reference
      • Value: “user.email”
   2. Save the app.
   3. Navigate to the Assignments tab.
   4. Click Assign and select the relevant assignment choice.
   5. Assign all users that should have access to Docubee.

Configure your Okta Credentials in Docubee

In your new Okta App:

1. Navigate to the General tab.
2. Scroll to the App Embed Link section.
3. Copy the Embed Link from Okta and paste it in the Identity Provider Log-in URL field in Docubee.
4. Navigate to the Sign On tab.
5. Scroll to the SAML Signing Certificates section.
6. Click Actions next to the SHA-2 certificate.
7. Click Download Certificate and save it somewhere you will remember.
8. In the Upload Certificate file picker in Docubee, select your certificate.
9. Click UPDATE SSO CONFIGURATION.

Verify your App

1. Once both of the above sections have been completed:
   1. In Docubee, click TEST SSO CONFIGURATION to launch the new Okta modal.
   2. Log in to Okta.

   If everything went well you should see that screen close and a green alert notification on the bottom of the Docubee screen should confirm a successful test.

2. When you are ready to require that ALL your users of a given domain logon only with SSO:
   1. 1. In Docubee, enable the toggle for the respective domain and update your config again.

   Please Note: if your config is malformed and you have enabled a domain no one will be able to log into your Docubee organization. To ensure continued access we strongly encourage you to test your configuration prior to logging out.

Related Information

Configure Single Sign-On
Additional Resources

Need more help getting set up? Contact us for assistance from our customer support team.