This page describes the steps to follow to enable authentication of your workspace's users with Okta.
SSO is only available to customers who subscribed to a "One" plan.
Initial information for Wisepops
Before connecting Okta, we first need to set up a few things. Send a message to Wisepops' support with the following details:
Allowed email domains: Provide us a list of email domains that are allowed to log in using SSO. Email addresses that do not match are denied access. For example, if the user's email addresses have this format:
username@example.com, the domainexample.comshould be allowed. We only accept enterprise domains, not generic domains likegmail.com.Just In Time: With this feature, users using SSO are created on Wisepops if they don't already exist, without needing to be invited. They're created with the "Editor" role, with access to all the websites of the workspace. You can choose to disable this feature, so that new users must be invited to Wisepops before they can log in with SSO.
Once the SSO connection has been set up on Wisepops, we will provide you with the following information:
An initiate URI
A redirect URI
You will need these URIs to configure Wisepops SSO in Okta.
Set up the Wisepops App in Okta
Now that you have an initiate URI and redirect URI for Wisepops, let's create an authentication application in your Okta account. You must be an Okta administrator to perform this action.
In the admin interface, go to Applications > Applications > Create App Integration.
โ
In Sign-in method, select OIDC - OpenID Connect.
In Application type, select Web Application.
โ
In the General Settings section:
Fill the App integration name as "Wisepops".
Optionally, upload a logo.
Make sure Proof of possession is not checked.
Under Grant type
Make sure Client Credentials is not checked.
Make sure Authorization Code is checked.
Make sure Refresh Token is not checked.
None of the advanced settings should be checked.
Set the Sign-in redirect URIs to the redirect URI provided by Wisepops, containing /callback/.
For example: https://id.wisepops.com/api/sso/callback/yourcompanyname.
Sign-out redirect URIs and Base URIs should be left empty.
Set up the Assignments section so that the Wisepops Okta app is accessible to the appropriate users.
Click Save.
In the General Settings section of the Wisepops admin app page, click Edit.
Scroll down to the Login subsection.
Set the Login initiated by to Either Okta or App.
Check Application visibility.
Set Login flow to Redirect to app to initiate login.
Set the Initiate login URI to the Initiate URI provided by Wisepops, containing /initiate/. For example: https://id.wisepops.com/api/sso/initiate/yourcompanyname.
Click Save.
Final information for Wisepops
Now that your Okta app for Wisepops is ready, let's connect the dots by providing the new Okta app details to the Wisepops support. Send us a message with the following information:
The Okta app Client ID,
The Okta app Client Secret,
Your Okta domain.
The Wisepops support will come back to you once the SSO is enabled for your Wisepops workspace.
Once you have confirmed that the SSO works well, and you can log into Wisepops with it, you can ask us to require SSO for all users of your workspace. This option enforces login with SSO, and disable all other authentication methods (such as Google Sign-in and magic link email).
We recommend that you only activate this option once we are sure that SSO is correctly configured, to avoid being locked out of your Wisepops account.