Simplify password management, improve security, and log in seamlessly with an Identity Provider (IdP). This article describes setting up your IdP to enable SSO for specified domains logging into Atera.
For information on enabling SSO via Microsoft Azure AD, see Single sign-on with Microsoft Azure AD.
Note: Single sign-on with your IdP is available to Atera Enterprise plan subscribers.
Note: Single sign-on with your IdP is available to Atera Superpower plan subscribers.
Overview
We'll provide a comprehensive explanation of the following, using Okta as our IdP example.
- Set up an Identity Provider (IdP): You need to have an IdP (e.g., Okta) that supports OpenID Connect (OIDC). The IdP is responsible for authenticating users and providing identity data to the applications.
- Create user accounts within the IdP: Before connecting Atera to your identity provider, make sure the desired people have valid accounts in the identity provider. This is essential for a successful SSO connection.
- Register Atera with the IdP: Once done, you'll get a client ID and a client secret which your application will use to authenticate itself with the IdP.
- Assign Atera to users: Assignment is what allows a user to reach Atera through the SSO process. By assigning Atera to specific users within the IdP, you ensure that only authorized individuals can log in through SSO. Without this assignment, even authenticated users cannot log in to Atera using their single sign-on credentials.
- Enable single sign-on (SSO) within Atera: You will then configure Atera with details about this OIDC connection. To ensure SSO functions correctly, pop-ups must be enabled in your browser.
Create an Okta account
All account users need to download the Okta Verify app from the App Store (iPhone and iPad) or Google Play (Android devices).
To sign up to Okta:
1. Go to Okta
2. Enter your first name, last name, email, phone number, and country/region.
3. Click the I'm not a robot checkbox to pass the Voight-Kampff test.
4. Click Get started.
An activation email is sent to your email address.
5. Open it and click Activate Okta Account. You are redirected to Okta.
Register Atera in Okta
To register Atera in Okta:
2. Click Admin (top-right corner).
3. From the Applications dropdown, select Applications. Then click Create App Integration.
4. For the Sign-in method, select OIDC - OpenID Connect.
5. For the Application type, select Web application. Then click Next.
6. Enter the General Settings for your new app integration:
- App integration name: Enter your app integration name (e.g., Atera).
- Sign-in redirect URI: Enter this Auth0 tenant information callback URL:
  - https://auth.atera.com/login/callback
- Assignments: Select your preferred controlled access option.
7. Click Save.
You've integrated Atera into your IdP successfully.
Note: When activating SSO in Atera, you'll need to provide the Domain name(s), Issuer URI, Client ID, and Client Secret.
Create a user
Note:
- You cannot assign Atera to the first user account that was set up during the initialization of your IdP account.
- Please ensure that the user name (including domain), first name, and last name align with the user's credentials within Atera. Otherwise, the connection will fail.
To create a user:
1. Go to Directory > People > Add person.
The Add Person window appears.
2. Fill out the user details.
Note: The username is the email the user will enter to sign in.
3. Click Save.
4. Inform the user so that they can sign in via an activation email. The user will appear on the People page.
Assign Atera to a user
Note: You cannot assign the first user account that was set up during the initialization of your IdP account. To create another user, see Create a user.
To assign Atera to a user:
1. Go to Directory > People.
2. Select the user.
3. Click Assign Applications.
4. Click Assign.
5. Fill out the user information. Then click Save and Go Back.
6. Click Done. The application (Atera) is assigned to the user.
Copy Client ID and Client Secret
To copy your Client ID and Client Secret:
1. Go to Applications > Applications > [App name] (e.g., Atera).
The application page appears.
2. Click the copy to clipboard icon to copy your Client ID and Client Secret.
3. Copy and paste these into their respective fields when setting up your SSO authentication (see Activate SSO in Atera).
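Before pasting the Issuer URI, Client ID, and Client Secret into Atera, it helps to check that the values are consistent with what the IdP advertises. The following is an added example, not code from Atera or Okta: the function name check_oidc_settings, the example.okta.com tenant, and the sample discovery document are constructed for illustration; only the callback URL comes from this article.

```python
from urllib.parse import urlsplit

# Sign-in redirect URI given in this article.
ATERA_CALLBACK = "https://auth.atera.com/login/callback"

def check_oidc_settings(issuer_uri, discovery, redirect_uris, client_secret):
    """Hypothetical pre-flight check; returns a list of problems (empty = consistent)."""
    problems = []
    parts = urlsplit(issuer_uri)
    if parts.scheme != "https" or not parts.netloc or parts.query or parts.fragment:
        problems.append("issuer URI must be a plain https URL")
    # OIDC Discovery requires the advertised issuer to match the configured one
    # exactly, so a stray trailing slash is enough to break token validation.
    if discovery.get("issuer") != issuer_uri:
        problems.append("issuer mismatch: %r" % discovery.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(discovery.get(key, "")).scheme != "https":
            problems.append("%s missing or not https" % key)
    # Assumption: a Web application integration signs in with the authorization code flow.
    if "code" not in discovery.get("response_types_supported", []):
        problems.append("authorization code flow not advertised")
    if ATERA_CALLBACK not in redirect_uris:
        problems.append("Atera callback is not a registered redirect URI")
    # Any other registered redirect URI widens where authorization codes can be sent.
    extra = sorted(set(redirect_uris) - {ATERA_CALLBACK})
    if extra:
        problems.append("unexpected redirect URIs: %s" % ", ".join(extra))
    if not client_secret or client_secret != client_secret.strip():
        problems.append("client secret is empty or has stray whitespace")
    return problems

# Constructed sample: the shape of <issuer>/.well-known/openid-configuration
SAMPLE_ISSUER = "https://example.okta.com"
SAMPLE_DISCOVERY = {
    "issuer": "https://example.okta.com",
    "authorization_endpoint": "https://example.okta.com/oauth2/v1/authorize",
    "token_endpoint": "https://example.okta.com/oauth2/v1/token",
    "jwks_uri": "https://example.okta.com/oauth2/v1/keys",
    "response_types_supported": ["code", "id_token"],
}

if __name__ == "__main__":
    # Two copy/paste slips: a trailing slash on the issuer and a newline in the secret.
    for problem in check_oidc_settings(SAMPLE_ISSUER + "/", SAMPLE_DISCOVERY,
                                       [ATERA_CALLBACK], "constructed-secret\n"):
        print("PROBLEM:", problem)
```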
Add SSO providers in Atera
To activate SSO or add additional identity providers to enable SSO for specific domains, see Enable Single sign-on (SSO).
Sign in with SSO
Once you've registered Atera in Okta, added users, assigned Atera to your users, and enabled SSO in Atera, it's time for you and your colleagues to experience the magic of SSO.
To sign in to Atera via SSO:
2. Enter your email address. Then click Continue. You are redirected to Okta.
3. Enter your username (email). Then click Next.
4. Enter your password. Then click Verify.
5. Under Okta Verify, click Set up. And get your phone ready!
6. Follow the on-screen instructions.