Overview

To authenticate your Helpjuice users with Okta we have two approaches, first using our prebuild app, and this is the most useful if your users in Okta have a matching email eg. user@helpjuice.com, but in cases where there are many users with different domains we will have to set up additional fields or create a new Okta app.

Helpjuice Okta prebuilt application

To authenticate your Helpjuice users with Okta, you need to go to your Okta account, then click on Applications > Applications > Add Application:

Search for "helpjuice" and then select the Helpjuice app:

Once added, go to the Helpjuice app page, Sign On tab and click on "View Setup Instructions". 

Then follow their instructions. They will provide you all the information you need to input into Helpjuice settings to get your SSO working.

Users with different email domains

In order to accommodate users that don't have matching email domain, we have to populate their profiles organization field and it should match SSO Company field in Helpjuice settings.

And on in the user's Okta profile:

Go to Directory > People and select the user that needs to be edited and go to their profile and populate their Organization field.

We understand that you might have too many users to edit, so we suggest creating a custom Okta application for Helpjuice.

Custom Okta application for Helpjuice

This is a fairly simple process and takes only about 15 minutes to set up.

Navigate to Applications > Applications > Add Application and go to Create New App.

On the first step please select SAML 2.0 option and click create.

On the Second step just give the name to the app and click next, you can find an image for your app in Helpjuice logos.

In General Settings please populate the fields as follows.

In Attribute, statements populate fields as follows.

Once you are done, click next and after answering a few short okta questions you should be redirected to your applications page. There navigate to Sign-On tab and go to view setup instructions.

There you should find your Identity Provider Single SIgn-On URL, X.509 Certificate ( from which we will get fingerprint ), and your IDP Metadata.

The first step is to get your fingerprint, please go to SAMLTool, paste your X.509 Certificate, choose SHA1 algorithm, and click on Calculate Fingerprint, and it will look  like this:

ebd55c23a697667a99c5f3135d90a807ee05ebd9

Now, all we are left to do is to update your Helpjuice settings.

*Populate these fields with your info!

Paste in your new metadata.

*Populate this field with your metadata!

Helpjuice uses groups to manage permissions and access to the documents, if you have permissions setup in your IDP and you want them to reflect in Helpjuice, please populate groups field.

Please note that you should create groups before sending the group attribute! This field is case sensitive.

Also, you must enable the group syncing option on the bottom of the page:

And the rest of the fields should be left empty.

That is it, now your Okta SSO should be working.