Do you still have questions about Okta? We are here to help!
In this section, we will answer these questions:
- Is the provisioning tab missing from applications in Okta?
- Why are my users and teams not showing up in Spekit?
- Can you connect SSO/SCIM to multiple accounts?
- What IDPs do we support?
- When I complete the transition to SSO or User management, will my team be logged out and need to log in again (to Web App and/or Chrome)?
- For an admin that just signed up with Spekit, will the integration within their IDP already be set up? (Can they log into Spekit right away through their IDP?)
- When IDP first syncs with Spekit, what roles will new IDP users have in Spekit?
- How does the SCIM/SSO connection work?
- What if my connection fails during the connection process?
- How does Login with SSO work?
- Can we allow SSO companies to invite people to Spekit, not via IDP?
- Once an Admin connects their IDP, will the IDP create duplicate accounts?
- How do we manage syncing Salesforce and IDP users for new customers?
- If clients have SSO with Okta, can they no longer log in with Salesforce?
- How do IT teams/SSO Admins configure us on their Okta page and/or extension?
- How are Spekit Sandbox accounts identified?
- Will users stay logged in?
- What are the requirements when creating a unique domain?
Is the provisioning tab missing from applications in Okta?
Your company must be subscribed to the Okta Lifecycle Management product to be able to see the Provisioning tab in Okta.
Why are my users and teams not showing up in Spekit?
Scenario: You have added users and groups to your IDP; however, they do not appear in Spekit.
Possible Resolutions:
- Okta
  - Enable Push Groups: https://help.okta.com/en/prod/Content/Topics/users-groups-profiles/usgp-about-group-push.htm
  - After a user or group is created, you must Push Groups to Spekit.
Can you connect SSO/SCIM to multiple accounts?
No, you can only connect to one production org.
What IDPs do we support?
We fully support Okta, OneLogin, Azure AD, PingFederate, and PingOne IDPs, and we have a lot more in beta.
When I complete the transition to SSO or User management, will my team be logged out and need to log in again (to Web App and/or Chrome)?
No account will be logged out. However, an email will prompt them to log in via SSO.
For an admin that just signed up with Spekit, will the integration within their IDP already be set up? (Can they log into Spekit right away through their IDP?)
After signing up, the admin must connect their IDP for SSO and SCIM. Only then can users log in.
When IDP first syncs with Spekit, what roles will new IDP users have in Spekit?
Currently, through the IDP, all users will come in as viewers. If they are not assigned a group, they will default to “All Spekit Users.”
How does the SCIM/SSO connection work?
It will all happen in one flow: once users sync their SSO, they will be prompted to sync their SCIM account.
What if my connection fails during the connection process?
There will be an error message pop-up that will prompt them to try again.
If they close the page or their computer shuts down, their connection page will remain unchanged, and they must restart/resume the connection process.
How does Login with SSO work?
There are two ways to log in with SSO:
- The first is through your IDP (Okta), where you can sign in and be directed to the Spekit dashboard.
- The second is through Spekit: once an admin connects to their IDP, the user will be prompted to input their workplace name (created by their admin) so that they can be redirected to their IDP. Once redirected, they will log in via the IDP (if not already logged in) and be directed back to the Spekit dashboard.
Can we allow SSO companies to invite people to Spekit, not via IDP?
Admins with an IDP can invite users to a Spekit account but not a Salesforce account.
Once an Admin connects their IDP, will the IDP create duplicate accounts?
No, we will do a 1-time manual link between IDP accounts and existing Spekit accounts (and Salesforce/Spekit accounts).
How do we manage syncing Salesforce and IDP users for new customers?
If/when a new customer syncs Salesforce, they will ONLY sync the metadata. User data will come from the IDP.
If clients have SSO with Okta, can they no longer log in with Salesforce?
Existing users with Salesforce login enabled will still be able to log in with Salesforce. This is to avoid confusing and blocking existing users’ current flow. New users cannot connect to Salesforce login/users if they have IDP connected.
How do IT teams/SSO Admins configure us on their Okta page and/or extension?
WorkOS provides documentation for this.
How are Spekit Sandbox accounts identified?
Our system knows if a user is logged in with a Sandbox account. If they are, the button to “Connect with SSO/SCIM” will be disabled.
Will users stay logged in?
Yes, we will not log out users when connecting SSO/SCIM.
What are the requirements when creating a unique domain?
The domain must be lowercase only and no more than 63 characters. No special characters are allowed.