Using OKTA SSO for Veelo

Veelo offers a SAML-based Single Sign-on (SSO) service, which allows users to use their organization's credentials to access Veelo. This way, there's only one username/password to remember, saving them time and making their sign-in experiences much easier.


This article describes how you can set up SAML SSO for Veelo through Okta. Veelo uses your users' email addresses to map to Okta.

Key Features

  1. Use Okta to sign in to Veelo
  2. Reduce security threats through password breaches and credential theft
  3. Centralize user, password, and authorization management

Step by Step

  1. Create a new SAML 2.0 app in Okta. Please refer to your Okta documentation on how to proceed, and read on below for the specifics for Veelo setup.
     
  2. Use EmailAddress as the Name ID and Email as the Application Username.
     
  3. The Single Sign On URL is https://[yourdomain].veeloapp.com/sso/saml/callback. If you don’t know or are unsure what your custom domain is, please email support@veeloinc.com.
     
  4. Pick your value for Audience URI (SP Entity ID), note it, then contact support@veeloinc.com with that information together with the the other information in step 8 below.
     
  5. The Default Relay State needs to be set to https://[yourdomain].veeloapp.com/discovery/all.
     
  6. Add the Attribute Statements:

    firstname  > user.firstName
    lastname  > user.lastName
    email >  user.email
    role > user.role
     
  7. Save this as an internal app.
     
  8. Email the following information to support@veeloinc.com:
    1. XML metadata
    2. Audience URI
    3. Identity Provider Single Sign-On URL
    4. Identity Provider Issuer
    5. X.509 cerfiticate
       
  9. In the User Identity section, make sure you enable Identity resides in the NameID element of the subject.
     
  10. The NameID from Okta should be mapped to the Veelo user's email address.
     
  11. Copy the Assertion Consumer Services (ACS) endpoint and paste this URL in the Edit SAML integration page in Okta.