Okta SSO

Supported features

SP-initiated SSO -- Users navigate to V7 Go, enter their work email, and are redirected to Okta to authenticate before being returned to V7 Go.

Universal Logout -- When an Okta admin deactivates a user or detects a security threat, V7 Go sessions are terminated immediately.

Note: JIT provisioning is not supported. Users must be pre-provisioned in V7 Go before they can sign in through Okta. See Step 4 below.

Prerequisites

• Administrator access to your Okta organization
• An active V7 Go workspace with an Enterprise plan
• A V7 Go admin account (workspace owner or admin role)

Configuration steps

Step 1: Add V7 Go in Okta

1. Sign in to the Okta Admin Console.
2. Go to Applications > Browse App Catalog.
3. Search for V7 Go.
4. Click Add Integration.
5. Click Done.

Step 2: Express Configure SSO

Express Configuration automates the OIDC connection setup between Okta and V7 Go.

1. In the Okta Admin Console, open the V7 Go application.
2. Go to the Sign On tab.
3. Click Express Configure SSO & UL.
4. You will be redirected to V7 Go's login page.
5. Sign in with your V7 Go admin account.
6. Review the requested permissions and click Approve.
7. Okta and V7 Go will automatically exchange configuration. The SSO connection is created.

Step 3: Enable Universal Logout

1. In the Okta Admin Console, open the V7 Go application.
2. Go to the Sign On tab.
3. In the Logout section, click Edit.
4. Select Okta system or admin initiates logout.
5. Click Save.

Universal Logout requires the Workforce Identity SKU with Identity Threat Protection. Contact your Okta representative if this feature is not available.

Step 4: Invite users to V7 Go

Users must exist in V7 Go before they can sign in through Okta. JIT provisioning is not supported.

1. In V7 Go, go to your workspace Settings > Members.
2. Invite each user by their email address (must match their Okta email).
3. Users should accept the invitation and create their V7 Go account.

Step 5: Assign users in Okta

Only assigned users can authenticate through Okta SSO.

1. In the Okta Admin Console, open the V7 Go application.
2. Go to the Assignments tab.
3. Click Assign > Assign to People or Assign to Groups.
4. Select the users or groups you want to grant access to.
5. Click Assign, then Save and Go Back.
6. Click Done.

Ensure the user's email in Okta matches their email in V7 Go.

Step 6: Test the login flow

1. Open a private/incognito browser window.
2. Navigate to go.v7labs.com.
3. Enter the email address of an assigned Okta user.
4. You should be redirected to Okta for authentication.
5. After signing in, you should be returned to V7 Go and see your workspace.

User login flow

SP-initiated (from V7 Go)

1. User navigates to go.v7labs.com.
2. User enters their work email address.
3. V7 Go detects the SSO connection and redirects to Okta.
4. User authenticates with Okta.
5. User is redirected back to V7 Go and signed in.

User provisioning

JIT provisioning is not supported. Users must be invited to a V7 Go workspace before they can authenticate through Okta.

1. A V7 Go workspace admin invites the user by email.
2. The user accepts the invitation and creates their account.
3. The user is then assigned to the V7 Go application in Okta.
4. On subsequent logins, the user authenticates through Okta SSO.

Troubleshooting

Support

For issues with V7 Go, contact [email protected].

For issues with Okta, contact your Okta administrator or visit Okta Support.