If you have a standard UserVoice domain, e.g.https://<subdomain>.uservoice.com
, you can setup SAML SSO with Okta by adding UserVoice from the selection of Okta apps. Follow the guide below.
If you have a custom domain (CNAME), e.g.https://ideas.myapp.com
, you will need to setup a custom SAML App in Okta
Prerequisites
- An Okta Subscription with access to SAML
- A UserVoice plan that includes SAML Single Sign-On
- A UserVoice account and admin login
Okta Configuration
You will need values from your UserVoice metadata XML found at https://<subdomain>.uservoice.com/saml/metadata.xml
(replacing <subdomain>
with your subdomain).
1. General Settings
- In Okta, in the left nav click Applications → Applications.
- Click Browse App Catalog and then Search UserVoice → and click Add.
- In the Subdomain text box enter your subdomain, e.g for
acme.uservoice.com
, enter acme. - In the Audience URI text box enter your
entityID
. This is your full UserVoice URL withouthttps://
or slashes. You can also find it in themetadata.xml
. - No further configuration required. Click Next.
2. Sign-On Options
- Under Sign On methods, select SAML 2.0.
- In the Default Relay State (AKA: ACS URL or Location) text box, enter
https://<subdomain>.uservoice.com
. Listed aslocation
in themetadata.xml
. - Set Application username format to Email.
- Click Done.
3. Obtain the Remote Sign-In URL
- Navigate back to the Application → Sign-On, and scroll down to SAML Signing Certificates.
- Click View SAML setup instructions (on the right).
- Scroll to Step 4 and copy the SSO REMOTE SIGN-IN URL for use in the UserVoice Configuration.
Note: If you have an active cert you can download it from the link below the Remote Sign-In URL. If not, follow instructions below to obtain a cert.
4. Obtain SAML Cert
- Navigate back to Sign-On and scroll down to SAML Signing Certificates.
- If you don't already have one, generate a SHA-2 cert.
- Next to the cert, click Actions → Activate.
- Now click Actions → Download. This will download okta.cert file for use in the UserVoice Configuration.
Note: Make sure to assign users to the application otherwise they will not gain access to UserVoice.
UserVoice Configuration
You should have your Remote Sign-In URL and have downloaded the SAML cert before proceeding.
- In UserVoice, navigate to Settings → General → User Authentication → Edit.
- Click the plus next to Single Sign On (SSO) to add a configuration.
- Give your button a label and an icon (optional).
- In the Remote Sign-In URL text box, enter the Remote Sign-In URL you obtained in Step 3.
- Upload the .cert file obtained in Step 4.
- Click Save.
Test
To begin testing your SSO implementation, follow these steps:
- Open an Incognito Browser Window (or sign out of UserVoice and Okta and open a new window).
- Go to your UserVoice Forum Portal, e.g.
https://<subdomain>.uservoice.com
. - If you are not immediately presented with an Okta login page, click Sign in (top-right corner) and click your Okta tenant. A popup window should appear. Enter the email address and password of a user that has been assigned to the UserVoice Application. Click Sign In.
- If successful, you should be granted access, and taken to the home page. You have successfully setup Okta SAML Single Sign-On for UserVoice.
If you are unsuccessful, reread this guide, verify your configuration and test again. If you are still unsuccessful, see our Troubleshooting Guide.