SAML SSO with Okta

Here's a guide to get started with SAML SSO with Okta for your Whimsical workspace, but you can also check Okta’s documentation.

In Okta:

1. Sign in to Okta Admin app to generate a metadata file.
2. Save the metadata provided by Okta as metadata.xml .

In Whimsical:

3. In your Workplace settings, enable SAML SSO.

4. Once SAML SSO is enabled:

• Select Okta from the “Identity Provider” dropdown list
• Make a note of the “ACS URL” value
• Upload the metadata.xml file from step 2 in the “SAML Metadata XML” field
• Click Save

After that’s saved:

• Make a note of the “LOGIN URL” value
• Leave the “Require SAML for login” option disabled for now until you make sure the SAML configuration works successfully

In Okta:

5. Select the Sign On tab for the Whimsical SAML app, then click Edit:

• Scroll down to the “ADVANCED SIGN-ON SETTINGS” section
• Enter the “ACS URL” value you made a copy of in step 4
• Click Save
• Finally, don't forget to test the setup to ensure everything is working correctly.

After that’s done, you can go back to your Whimsical Workspace settings and adjust two more things:

• Default user role: Whimsical supports JIT (Just-in-time) account provisioning. That means that Whimsical will create an account for a user authenticating via SAML if necessary. New users will be created with the role and permissions you choose:
  • Editors - paid role with full ability to create and edit content
  • Viewers - free role with read and comment-only limited permissions
• Require SAML for login: You can enable this optional setting if you want to prevent users from accessing your workspace with other means of authentication, such as a password or via Google SSO.