How to enable Okta SSO and MFA for OptinMonster

Single sign-on (SSO) is a user authentication tool that enables users to securely access applications and services using just one trusted set of credentials. OptinMonster’s Okta integration gives your business additional layers of access control for your OptinMonster account.

OptinMonster’s Okta integration is an optional security solution. It is available only for Growth and Enterprise subscriptions, and includes a one-time implementation fee. If you’re interested in enabling Okta on your account, please reach out to support to learn more prior to completing the steps below.

Create a new application called OptinMonster

Once logged in to the Okta admin, navigate to the Applications page using the sidebar on the left.
Click the Create App Integration button.
In the resulting pop-up select SAML 2.0 and click Next.

On the Create SAML Integration page, enter the following:
*Any setting not directly addressed is optional.

General Settings

App name: OptinMonster
App logo: You can download our Press Kit here. For best results, use the Logos/Web/Logo/logo-color-medium.png file. This logo will help your users recognize that they are logging in to OptinMonster via Okta.

Click Next.

Configure SAML

The <slug> referenced below will be provided as part of the setup with support.

Single Sign On URL: https://app.optinmonster.com/saml/sso/<slug>/
Ensure “Use this for Recipient URL and Destination URL” is checked
Audience URI: https://app.optinmonster.com/saml/sso/<slug>/
Default RelayState: no value
Name ID Format: EmailAddress
Application Username: Email

Click Next.

Feedback

Are you a customer or partner?: Select “I’m an Okta customer adding an internal app”
App type: Check “This is an internal app that we have created”

Click Finish.

Once finished, you should be directed to your new application’s page.

(Optional) Set Up Multifactor Authentication (MFA)

If you would like to implement MFA/2FA with this Okta SSO setup, you will first need to ensure MFA methods are set up for your organization and that they are set as required in your policy. Configuring these settings is outside the scope of OptinMonster support. Please see Okta’s guides for implementing MFA below:

To ensure this SSO SAML 2.0 Application implements your MFA methods, you will need to add a new Sign On Policy Rule.

  • On the application page, click on the Sign On tab
  • Scroll down to the Sign On Policy section
  • Click on the Add Rule button
  • Give the rule a name, e.g. SSO MFA
  • For most of these settings, select the values most fitting for your application
  • Ensure Prompt for factor is checked, and select the frequency for the prompt
  • Click Save

Collect and Send Application Information

To complete your setup, we need you to collect the following information for your app and send it to [email protected].

  1. On the application page, click on the Sign On tab
  2. In the sidebar, click on the View SAML setup instructions button
  3. A new tab should open titled How to Configure SAML 2.0 for OptinMonster Application.
  4. On this screen you should be presented with the following:
    – Identity Provider Single Sign-On URL
    – Identity Provider Issuer
    – X.509 Certificate

We suggest using https://onetimesecret.com to share this information with OptinMonster support.

Once we’ve received the information above, we will complete the integration for your account and let you know when it is complete.

To test the completed OptinMonster Okta integration, visit your Okta account and click on the OptinMonster application. You should be immediately logged in through your Okta credentials. Alternatively, if any user logs in with an email ending with your configured domain, they will be redirected to the SSO login.