Veelo offers a SAML-based Single Sign-on (SSO) service, which allows users to use their organization's credentials to access Veelo. This way, there's only one username/password to remember, saving them time and making their sign-in experiences much easier.
This article describes how you can set up SAML SSO for Veelo through Okta. Veelo uses your users' email addresses to map to Okta.
- Use Okta to sign in to Veelo
- Reduce security threats through password breaches and credential theft
- Centralize user, password, and authorization management
Step by Step
- Create a new SAML 2.0 app in Okta. Please refer to your Okta documentation on how to proceed, and read on below for the specifics for Veelo setup.
- Use EmailAddress as the Name ID and Email as the Application Username.
- The Single Sign On URL is https://[yourdomain].veeloapp.com/sso/saml/callback. If you don’t know or are unsure what your custom domain is, please email firstname.lastname@example.org.
- Pick your value for Audience URI (SP Entity ID), note it, then contact email@example.com with that information together with the the other information in step 8 below.
- The Default Relay State needs to be set to https://[yourdomain].veeloapp.com/discovery/all.
- Add the Attribute Statements:
firstname > user.firstName
lastname > user.lastName
email > user.email
role > user.role
- Save this as an internal app.
- Email the following information to firstname.lastname@example.org:
- XML metadata
- Audience URI
- Identity Provider Single Sign-On URL
- Identity Provider Issuer
- X.509 cerfiticate
- In the User Identity section, make sure you enable Identity resides in the NameID element of the subject.
- The NameID from Okta should be mapped to the Veelo user's email address.
- Copy the Assertion Consumer Services (ACS) endpoint and paste this URL in the Edit SAML integration page in Okta.