Supported Features
Service Provider (SP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when a user attempts to log in to Comprehensive using their Okta credentials.
Identity Provider (IDP)-Initiated Authentication (SSO) Flow - This authentication flow occurs when a user attempts to log in to Comprehensive from Okta.
Automatic account creation in Comprehensive on initial SSO.
Requirements
To enable Okta SSO in Comprehensive, you must:
Have access to an Okta tenant
Be an Okta administrator to that tenant
Have a company and credentials created for you within Comprehensive
If you have not received a set of credentials to log in with from your Comprehensive support contact, please email support@comprehensive.io to request them.
SSO Setup Steps
Once you’ve satisfied the requirements above, please follow the steps below:
Add Comprehensive as an integration:
After logging into your Okta subdomain, please click on the
Admin
button in the top right corner to navigate to your administrator account.On the admin account home page, navigate to the
Applications
→Applications
tab in the left sidebar.Next, click on
Browse App Catalog
In the
Search for an Application
field, search for “Comprehensive”. WhenComprehensive Okta-Verified OIDC
appears, click on the integration.On the Comprehensive integration page, click on
Add Integration
.Now, on the
General Settings
page, you can type a name for the new application. For example: “Comprehensive”.Use the option
Assign to People
to assign those users that you want to have access to your Comprehensive account.
Send information to Comprehensive
Before attempting to SSO into Comprehensive for the first time, you’ll also need to send over the following information to Comprehensive so that we can complete your setup process.
Company Okta subdomain slug - To find your company subdomain slug, please navigate to where you would usually log in to Okta. In the URL, you should see something that follows this pattern:
https://{company-subdomain}.okta.com/...
. Please send the company subdomain portion to your onboarding partner at Comprehensive.Client Id and Secret - On the SSO page of the integration that you just added, you should see a client id and secret (see image below). Please send these to your onboarding partner at Comprehensive.
Logging into Comprehensive (SP-initiated SSO)
When logging using the Login with Okta
button on the Comprehensive log-in page, you’ll be asked to input your Okta sign-in URL. If you’re unsure of what your Okta sign-in URL is, you can retrieve it by following the instructions here: