Overview
You can enable SAML-based Single Sign-On (including Just-In-Time (JIT) provisioning with SAML) for the Persona Dashboard via Okta by following this guide.
By default, users can choose to log in through SAML or with email and password. A user with Admin permissions can configure SAML enforcement by navigating to Organization > Security.
Availability
SSO is available on Growth and Enterprise plans. See our Pricing page for details.
Retrieve your Organization Slug
- Log in to your Persona dashboard as a user with Admin permissions.
- Navigate to Organization > Security.
- Under Single Sign-On, click Set up.
- Here, you'll find your Organization Slug.
Make note of your Organization Slug. You'll need it in the next steps.
Add Persona to Okta
- Log in to your Okta organization as a user with administrative privileges. Make sure to switch to the Admin Console with Classic UI. The new UI does not currently support SAML-based integrations.
- Click Applications in the menu bar. Then click Add Application and then Create New App.
- In the Create a New Application Integration dialog box, leave Web as the platform and select SAML 2.0 as the protocol. Click Create.
- On (1) General Settings, enter Persona as the name of the new Application. Click Next.
- On (2) Configure SAML, enter the following values for the fields.
General
- Single sign on URL:
https://withpersona.com/saml/<ORGANIZATION-SLUG>/acs
- Audience URI:
https://withpersona.com/saml/<ORGANIZATION-SLUG>/metadata
- Name ID Format: Unspecified
- Application username: Email
Attribute Statements
Name | Name format | Value |
---|---|---|
user_email | Unspecified | user.email |
name_first | Unspecified | user.firstName |
name_last | Unspecified | user.lastName |
- Click Next and then leave any feedback.
- Get your Identity Provider metadata XML URL so that Persona can integrate back with Okta. This can be found under the Sign On tab in the SAML 2.0 callout by clicking the Identity Provider metadata link. Copy the URL and keep it handy for the next steps. The format of the URL should look like:
https://dev-12345.okta.com/app/abcdefg/sso/saml/metadata
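To confirm the Okta settings above before continuing, the following added example (not Persona's or Okta's code) parses a SAML assertion and reports any mismatch with the single sign-on URL, Audience URI and attribute names from this guide. The slug `example-org`, the function names and the sample assertion are constructed; it assumes Okta sets Recipient to the single sign-on URL and it performs no signature verification.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
BASE = "https://withpersona.com/saml"
REQUIRED_ATTRS = ("user_email", "name_first", "name_last")  # names from the guide's table

def expected_urls(slug):
    """Single sign-on (ACS) URL and Audience URI for an Organization Slug."""
    return f"{BASE}/{slug}/acs", f"{BASE}/{slug}/metadata"

def check_assertion(xml_text, slug):
    """Return a list of mismatches between an assertion and the guide's settings."""
    acs, audience = expected_urls(slug)
    root = ET.fromstring(xml_text)  # config check only: signatures are NOT verified
    problems = []
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if audience not in audiences:
        problems.append(f"Audience should be {audience}, found {audiences}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if acs not in recipients:  # assumption: Recipient equals the single sign-on URL
        problems.append(f"Recipient should be {acs}, found {recipients}")
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)
                                   if v.text and v.text.strip()]
    for name in REQUIRED_ATTRS:
        if not attrs.get(name):
            problems.append(f"missing or empty attribute: {name}")
    return problems

def sample_assertion(slug, attrs):
    """Constructed, unsigned assertion fragment used only as demo input."""
    acs, audience = expected_urls(slug)
    attr_xml = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{acs}"/></saml:SubjectConfirmation>'
            f'</saml:Subject><saml:Conditions><saml:AudienceRestriction>'
            f'<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    # Constructed case: the last-name attribute was left out of the Okta app.
    incomplete = sample_assertion("example-org", {"user_email": "a@example.com", "name_first": "A"})
    for problem in check_assertion(incomplete, "example-org"):
        print(problem)
```

An assertion for a real sign-in can be captured with a browser SAML tracing extension and base64-decoded before being passed to `check_assertion`.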
Complete the Okta integration in Persona
- Log in to your Persona dashboard as a user with Admin permissions.
- Navigate to Organization > Security.
- Under Single Sign-On, click Set up.
- Enter the Metadata URL you obtained in the last step of the Add Persona to Okta section.
- Click Get metadata.
If done successfully, you should see a notification letting you know that your Okta integration has been set up.
Logging in to Persona through Okta
- To log in to Persona through Okta, first make sure that the user has been assigned to the Application in Okta.
- The user should then see Persona in their Okta dashboard. By clicking Persona, they should automatically log in to their Persona dashboard.
FAQs
Does Persona support JIT provisioning via SAML?
Yes, we support JIT provisioning for users.
Is there an API for creating and disabling users?
We currently don't have an API for creating/disabling users.
Is it possible to send over the user's role in Persona as an attribute in the SAML assertion?
At the moment, all new users will be set to an Organization's default role, which is configured from within the dashboard. We do not currently support sending a user's role as an attribute, but if this is a high priority for your team, please reach out to your Persona contact or Persona support to let us know about your need.