Prerequisites

  • An Okta account with Admin privileges.
  • Each user must be invited to Courier via email before they can log in with Okta.
  • Some steps require information exchanged with Courier. Before continuing, contact Courier Support for assistance setting up Okta sign-in.

Create the App Integration in Okta

  1. Navigate to the Applications > Applications section of the Okta admin panel.
  2. Hit the “Create App Integration” button.
  3. Select SAML 2.0 and hit “Next”.
  4. Enter Courier as the app name and optionally provide the Courier logo (available below), then click “Next”.
     You can optionally upload the Courier logo. Download it here:
  5. Contact Courier support for a Single sign-on URL and an Audience URI. Enter them in their respective fields under SAML settings.
  6. In the Attribute Statements section, enter the following information:
    • Name: id, Name Format: Unspecified, Value: user.id
    • Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress, Name Format: Unspecified, Value: user.email
  7. Hit the “Next” button towards the bottom of the page.
  8. Under the “Application Feedback” section, select “I’m an Okta customer adding an internal app” and hit “Finish”.
  9. From the “Sign On” tab of the new Courier application integration, find the Metadata URL. Copy the link address and send it to the Courier support team member.

That’s all you need for Okta sign-in. Assign users from the Assignments tab of the Courier app integration in Okta.
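
To confirm that the Attribute Statements step took effect, you can check the assertion XML Okta generates for a test user. The following is an added example, not Courier's or Okta's code; the sample XML and its values are constructed, and the NameFormat URI is the SAML 2.0 identifier that corresponds to “Unspecified”.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
REQUIRED = ("id", EMAIL_CLAIM)  # the two names from the Attribute Statements step

# Constructed sample assertion fragment; the attribute values are made up.
SAMPLE_OK = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:AttributeStatement>
    <saml:Attribute Name="id" NameFormat="{UNSPECIFIED}">
      <saml:AttributeValue>00u-constructed-example</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{EMAIL_CLAIM}" NameFormat="{UNSPECIFIED}">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""
# Constructed misconfiguration: short attribute name "email" and an empty id value.
SAMPLE_BAD = SAMPLE_OK.replace(EMAIL_CLAIM, "email").replace("00u-constructed-example", "")


def check_attribute_statements(assertion_xml):
    """Return a list of problems; an empty list means both attributes are as configured."""
    # ElementTree is not hardened against hostile XML: parse only assertions
    # captured from your own Okta tenant with this helper.
    root = ET.fromstring(assertion_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        # SAML 2.0 treats an absent NameFormat as "unspecified".
        found[attr.get("Name")] = (attr.get("NameFormat", UNSPECIFIED), values)
    problems = []
    for name in REQUIRED:
        if name not in found:
            problems.append(f"missing attribute: {name}")
            continue
        name_format, values = found[name]
        if name_format != UNSPECIFIED:
            problems.append(f"{name}: unexpected NameFormat {name_format}")
        if not any(values):
            problems.append(f"{name}: empty value")
    return problems


if __name__ == "__main__":
    for label, xml_text in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(label, check_attribute_statements(xml_text) or "attributes match")
```

An attribute sent under a short name such as email instead of the full claim URI is reported as missing, which is the mismatch to look for first when sign-in fails after setup.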

Creating a Courier Bookmark App

Bookmark apps direct users to a specific web page from the Okta dashboard. Use one so your team can launch Courier directly from Okta.
You need a bookmark URL from Courier for IdP-initiated SSO. Contact Support to get your URL.

Steps

  1. Log in to the Okta admin panel as an Admin.
  2. Go to Applications > Applications.
  3. Click Browse App Catalog.
  4. Search for Bookmark App, select it, and click Add.
  5. Enter an app name (e.g. Courier Login).
  6. Paste the URL from Courier Support into the URL field.
  7. Click Save.
  8. Assign to users to test.

Migrating Users To Okta

  1. From the Settings > Security page, confirm that “Require Google SSO” is not checked.
  2. From the Settings > Team page in Courier, remove and then re-invite users who should sign in with Okta.

Accepting an Okta Invitation

  1. Sign out of Courier
  2. Click the “join” button from the email invite
  3. Enter your work email (the email address your invite was sent to)
  4. Hit continue
Users with Okta logins to Courier must use the email login process.

User Provisioning with Okta SCIM v2

  1. Contact Courier support for a SCIM endpoint URL and bearer token.
  2. Navigate to the Courier App from the Okta admin panel.
  3. Navigate to the provisioning tab and click “Edit”.
  4. Enter the URL provided by Courier into the “SCIM connector base URL”.
  5. Enter userName into the “Unique identifier field for users”.
  6. Check “Push New Users” and “Push Profile Updates” for the “Supported provisioning actions”.
  7. For “Authentication Mode” select HTTP Header.
  8. Enter the Bearer token provided by Courier.
  9. Hit “Save”.
  10. After 30 seconds the provisioning tab should have a “To App” section on the left. If it doesn’t, try refreshing the page. Once it appears, select it and hit the “Edit” button.
  11. Check the “Create Users”, “Update User Attributes”, and “Deactivate Users” features and hit “Save”.
  12. Using the side menu, navigate to Directory > Profile Editor and hit the edit profile button of the Courier App.
  13. Hit the “Add Attribute” button.
  14. Enter the following values:
    • Data type: string
    • Display name: Role
    • Variable name: role
    • External name: role
    • External namespace: urn:ietf:params:scim:schemas:core:2.0:User
    • Description: Courier Role
  15. Check the “Define enumerated list of values” checkbox and enter the following values:
    • Display Name: Admin, Value: ADMINISTRATOR
    • Display Name: Manager, Value: MANAGER
    • Display Name: Developer, Value: DEVELOPER
    • Display Name: Designer, Value: DESIGNER
    • Display Name: Support, Value: SUPPORT_SPECIALIST
    • Display Name: Analyst, Value: ANALYST
  16. Check the “Attribute required” checkbox and hit “Save”.

If users were already assigned to the Courier app before you set up provisioning, edit their assignment and update their role.

Finalizing User Provisioning

  • Changes to user assignments in the Courier Okta app will automatically be reflected in the Courier Workspace.
  • Users will receive an invite via email to Courier when added.
  • Users are automatically removed from the Courier Workspace when no longer assigned in Okta.