OKTA SSO


Pillar integrates with Okta over SAML.

Role: Owner

Integration

To integrate, you will need to configure a SAML 2.0 Application in Okta using the Pillar metadata:

The values that need to be specified are:

Single Sign in URL: https://auth.pillar.hr/__/auth/handler
Audience URI (SP Entity ID): https://app.pillar.hr
Name ID Format: EmailAddress
Attribute Statements: name, Basic, user.firstName + " " + user.lastName


If you would like to assign the Pillar admin role to users based on your Okta groups, you can do so with a SAML role claim:

Attribute Statements: role, Basic, "Admin" or "Interviewer"


An example SAML Assertion should look similar to:


<?xml version="1.0" encoding="UTF-8"?>

<saml2:Assertion ID="id6705107957415523935299808" IssueInstant="2022-11-08T13:27:12.687Z" Version="2.0"

xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">

<saml2:Issuer Format="urn:oasis:names:tc:SAML:2.0:nameid-format:entity">http://www.okta.com/exk6w5f2q5paSojzt5d7</saml2:Issuer>

<saml2:Subject>

<saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">employee@domain.com</saml2:NameID>

<saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">

<saml2:SubjectConfirmationData NotOnOrAfter="2022-11-08T13:32:12.687Z" Recipient="https://auth.pillar.hr/__/auth/handler"/>

</saml2:SubjectConfirmation>

</saml2:Subject>

<saml2:Conditions NotBefore="2022-11-08T13:22:12.687Z" NotOnOrAfter="2022-11-08T13:32:12.687Z">

<saml2:AudienceRestriction>

<saml2:Audience>https://app.pillar.hr</saml2:Audience>

</saml2:AudienceRestriction>

</saml2:Conditions>

<saml2:AuthnStatement AuthnInstant="2022-11-08T13:27:12.687Z" SessionIndex="id1667914032685.1686544979">

<saml2:AuthnContext>

<saml2:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml2:AuthnContextClassRef>

</saml2:AuthnContext>

</saml2:AuthnStatement>

<saml2:AttributeStatement>

<saml2:Attribute Name="name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic">

<saml2:AttributeValue

xmlns:xs="http://www.w3.org/2001/XMLSchema"

xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">FirstNameHere LastNameHere

</saml2:AttributeValue>

</saml2:Attribute>

</saml2:AttributeStatement>

</saml2:Assertion>


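To show what the service-provider side of this exchange has to check before it trusts the name and role claims above, here is an added Python example (not Pillar's or Okta's own code). It parses an assertion modelled on the one in this article, with a constructed `role` attribute added, and verifies the IdP Issuer, the Recipient and Audience URIs, the NotBefore/NotOnOrAfter window, and the NameID format, then maps the `role` value to an application role. The expected values come from this article; the `validate_assertion` function, `ROLE_MAP` and the sample timestamps are assumptions for the example. It does not verify the XML signature: a real service provider must validate the signature against the X.509 certificate shared from Okta before any of these checks mean anything.

```python
"""Service-provider-side checks on an Okta SAML 2.0 assertion (example code)."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Values taken from the article: the IdP Entity ID shared from Okta and the
# two Pillar URLs configured in the Okta application.
EXPECTED = {
    "issuer": "http://www.okta.com/exk6w5f2q5paSojzt5d7",
    "audience": "https://app.pillar.hr",
    "recipient": "https://auth.pillar.hr/__/auth/handler",
}
# Assumed mapping from the SAML role claim to an application role.
ROLE_MAP = {"Admin": "admin", "Interviewer": "interviewer"}

# Constructed sample, modelled on the article's assertion plus a role attribute.
SAMPLE_ASSERTION = """<saml2:Assertion ID="id6705107957415523935299808"
    IssueInstant="2022-11-08T13:27:12.687Z" Version="2.0"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:Issuer>http://www.okta.com/exk6w5f2q5paSojzt5d7</saml2:Issuer>
  <saml2:Subject>
    <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">employee@domain.com</saml2:NameID>
    <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml2:SubjectConfirmationData NotOnOrAfter="2022-11-08T13:32:12.687Z"
          Recipient="https://auth.pillar.hr/__/auth/handler"/>
    </saml2:SubjectConfirmation>
  </saml2:Subject>
  <saml2:Conditions NotBefore="2022-11-08T13:22:12.687Z" NotOnOrAfter="2022-11-08T13:32:12.687Z">
    <saml2:AudienceRestriction><saml2:Audience>https://app.pillar.hr</saml2:Audience></saml2:AudienceRestriction>
  </saml2:Conditions>
  <saml2:AttributeStatement>
    <saml2:Attribute Name="name"><saml2:AttributeValue>FirstNameHere LastNameHere
    </saml2:AttributeValue></saml2:Attribute>
    <saml2:Attribute Name="role"><saml2:AttributeValue>Admin</saml2:AttributeValue></saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>"""


def parse_ts(value):
    """Parse a SAML UTC timestamp, with or without fractional seconds."""
    for fmt in ("%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"bad SAML timestamp: {value!r}")


def validate_assertion(xml_text, now, expected=EXPECTED):
    """Return a dict with ok/problems plus the email, name and mapped role.

    Signature verification is deliberately out of scope here; it must happen
    before these checks in a real deployment.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.tag != f"{{{NS['saml2']}}}Assertion":
        problems.append("root element is not a saml2:Assertion")

    issuer = (root.findtext("saml2:Issuer", namespaces=NS) or "").strip()
    if issuer != expected["issuer"]:
        problems.append(f"unexpected Issuer {issuer!r}")

    # Bearer confirmation must name our handler and still be valid.
    scd = root.find("saml2:Subject/saml2:SubjectConfirmation/saml2:SubjectConfirmationData", NS)
    if scd is None:
        problems.append("missing SubjectConfirmationData")
    else:
        if scd.get("Recipient") != expected["recipient"]:
            problems.append(f"unexpected Recipient {scd.get('Recipient')!r}")
        if now >= parse_ts(scd.get("NotOnOrAfter")):
            problems.append("SubjectConfirmationData has expired")

    # Conditions: time window (NotBefore inclusive, NotOnOrAfter exclusive) and audience.
    cond = root.find("saml2:Conditions", NS)
    if cond is None:
        problems.append("missing Conditions")
    else:
        if now < parse_ts(cond.get("NotBefore")) or now >= parse_ts(cond.get("NotOnOrAfter")):
            problems.append("assertion outside its validity window")
        audiences = [a.text.strip() for a in cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)]
        if expected["audience"] not in audiences:
            problems.append(f"audience {audiences!r} does not include {expected['audience']!r}")

    name_id = root.find("saml2:Subject/saml2:NameID", NS)
    email = (name_id.text or "").strip() if name_id is not None else None
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is missing or not in emailAddress format")

    attrs = {}
    for attr in root.findall("saml2:AttributeStatement/saml2:Attribute", NS):
        attrs[attr.get("Name")] = [(v.text or "").strip() for v in attr.findall("saml2:AttributeValue", NS)]
    raw_role = attrs.get("role", [None])[0]
    role = ROLE_MAP.get(raw_role) if raw_role else None
    if raw_role and role is None:
        problems.append(f"unrecognised role claim {raw_role!r}")  # unknown values never grant admin

    return {"ok": not problems, "problems": problems, "email": email,
            "name": attrs.get("name", [None])[0], "role": role}


if __name__ == "__main__":
    print(validate_assertion(SAMPLE_ASSERTION, parse_ts("2022-11-08T13:27:30.000Z")))
```

The time window is checked twice on purpose: SubjectConfirmationData/NotOnOrAfter governs whether the bearer assertion may still be presented to the handler, while Conditions governs the assertion as a whole, and both must hold. An unrecognised role value is reported rather than silently treated as a non-admin, so a mis-typed group mapping in Okta shows up as a login failure instead of a quiet privilege change.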
After configuring the application, you will need to share the following values from Okta with your Pillar contact:

  • Identity Provider Issuer (Entity ID)
  • Identity Provider SSO URL
  • X.509 Signing Certificate

Available from this area in the Okta UI:
