1. Help Hub
  2. User Guides - Centage
  3. Centage: SSO

Setting up SSO - Okta

Follow
Avatar
Centage Support

SSO (Single Sign On) authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Centage in your SSO solution.

You can add Centage to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:

  • OneLogin
  • Okta
  • RSASecurID
  • Idaptive
  • Ping
  • Microsoft Entra ID
  • CA Technologies
  • ... (and many more. Ask Centage Support.)

When you work with Centage to set up SSO, your company’s Administrator chooses an SSO Admin user in Centage who can set up SSO for your company.

This document shows you, a Centage SSO Admin, how to set up SSO for your company using Okta.

Info.png Please Note: You can only add Centage to your SSO solution after you have your Centage account set up.

Setting up SSO with Okta

Step 1: Open your company’s Okta account. On the homepage, select Admin.

O1a.png

Step 2: At the top of the page, click Applications.

O1b.png

Step 3: On the Applications page, click Add Application.

O1c.png

Step 4: A search menu appears below. Click Create New App.

O1c1.png

Step 5: A Create a New Application Integration popup appears. Next to Sign on method, select the SAML 2.0 radio button. Click Create.

O1d.png

Step 6: A Create SAML Integration page appears. On the General Settings tab, in the App name field, enter Centage and click Next.

Step 7: On the Configure SAML tab, under SAML Settings, enter the following information in the fields provided:

O1f.png

Single sign on URL – Enter https://companydomain.planningmaestro.com/saml/SSO (with your company’s domain name in place of “company domain”).

Example.png Example: This example company’s domain name is paradventureinc, so their Single Sign On URL is https://paradventureinc.planningmaestro.com/saml/SSO.

Audience URI (SP Entity ID) – Enter planning-maestro.

Under ATTRIBUTE STATEMENTS (OPTIONAL), enter displayName in the Name field and user.displayName in the Value field.

Info.png Please Note: If you have a Premium Okta account, you can add a custom field named Centage Username. This custom field would make it easier to add users later.

Click Next.

Step 8: On the Feedback tab, next to Are you a customer or partner?, select I’m an Okta customer adding an internal app.

O1g.png

Step 9: More fields appear below. Mark the This is an internal app that we have created checkbox and click Finish.

O1h.png

Saving Your Metadata URL and Recipient URL

A new page opens with the Name you selected before. Use this page to collect two pieces of information you need to set up SSO in Centage:

1. Metadata URL

2. Recipient URL

Saving Your Metadata URL

On the Sign On tab, scroll down to the box highlighted in yellow. Right-click on Identity Provider Metadata and select Copy link address.

You should be presented with the content of this Metadata URL, with something like:

  • https: //<domain>.okta.com/app/<okta id>/sso/saml/metadata

Save this link in a safe place (such as a Notepad file on your desktop). You will need it to set up SSO in Centage itself.

Info.png Please Note: Copy this link and save it somewhere secure.

Saving Your Recipient URL

Now, save your Recipient URL. Select the General tab.

Copy the Recipient URL on this page and save it with your Metadata URL. You will need both of these URLs when you set up SSO in Centage.

Assigning Users

Step 1: To assign users from your company to access Centage through SSO, select the Assignments tab.

Info.png Please Note: If this user is brand-new and does not have an Okta account yet, add them as a new user in Okta first.

Step 2: On the Assignments tab, click on Assign and select Assign to People from the dropdown menu.

Step 3: An Assign Centage to People popup appears. Click Assign next to the first user who should be able to access Centage through SSO.

Step 4: Your work email appears in the User Name field. Click Save and Go Back.

Step 5: The popup returns to the list of users. The user you assigned has an Assigned button. Click Done.

Repeat steps 1-4 to assign other users.

Step 6: After assigning all necessary users, click Done.

  • The Assignments page lists all users who can access Centage through your company’s SSO solution.
  • Use the following section to make sure these user’s Okta display names match their Centage usernames.

Confirming Display Names

Info.png Please Note: If you want to add users who are new to Okta and Centage, first create the users in Okta. Then, you can assign those users to the Centage portal.

To assign users to Centage who already exist in Okta, see the previous section.

Make sure your assigned users’ display names are the same as their Centage user names. Otherwise, these users cannot access Centage.

Step 1: On the page for this Centage app, on the Assignments tab, select the name of any user.

O2c.png

Step 2: The user’s page opens. Select the Profile tab.

O2d.png

Step 3: The user’s profile appears. Click Edit.

O2e.png

Step 4: Scroll down to Display name and make sure this display name is an exact character match for the user’s Centage User Name.

O2f.png

Step 5: Scroll down and click Save.

O2g.png

Now, see Setting up SSO in Centage to learn how to use the Metadata URL and Recipient URL you saved from Okta to set up SSO from within Centage.

 

Assigning Users

 

Please Note: If a user is brand-new and does not yet have an Okta account, add them as a new user in Okta before proceeding with the steps below.

 

Follow the steps below to assign users from your company to access Centage through SSO.

 

  1. Select the Assignments tab on the Centage app page in Okta.
  2. On the Assignments tab, click Assign and select Assign to People from the dropdown menu.
  3. In the Assign Centage to People popup, click Assign next to the user you want to add.
  4. Confirm the user's work email appears in the User Name field, then click Save and Go Back.
  5. The popup returns to the user list. The assigned user now shows an Assigned button. Click Done when finished assigning all users.

 

Repeat Steps 1–4 for each additional user who needs access.

 

Once all users are assigned, the Assignments page lists everyone who can access Centage through your company's SSO solution.

 

Understanding Username Matching Requirements

 

Before confirming display names, it is important to understand how SSO authentication works. When a user logs in through Okta, Okta passes a username to Centage via the SAML assertion. Centage then compares that username against its own user records. If the values do not match exactly, the login will fail.

 

This means a user's name must match exactly across all three of the following locations:

 

Location Field Name Example Value
Okta User Display Name (Profile tab) firstname.lastname
Okta SSO Assignment Username passed via SAML assertion firstname.lastname
Centage Centage Username firstname.lastname

 

The username format used across all three locations is typically User.DisplayName — for example: jane.doe or John.Smith. Confirm the exact format used in your organization's Centage instance before assigning users.

 

All three values must be an exact, character-for-character match, including capitalization, punctuation, and spacing. Even a minor difference will prevent the user from logging in.

 

Common Mismatches to Watch For

 

  • Email format vs. display name format — e.g., jsmith@company.com in Okta vs. John.Smith in Centage
  • Capitalization differences — e.g., john.smith vs. John.Smith
  • Extra spaces before or after the name
  • A period or separator missing — e.g., JohnSmith vs. John.Smith

 

Confirming Display Names

 

Please Note: If you want to add users who are new to both Okta and Centage, first create them in Okta. Then assign those users to the Centage app using the steps in the Assigning Users section above.

 

For users who already exist in Okta, follow the steps below to verify that their Okta Display Name matches their Centage username. This must be confirmed for every assigned user.

 

  1. On the Centage app page in Okta, open the Assignments tab and click the name of any assigned user.
  2. The user's page opens. Select the Profile tab.
  3. On the Profile tab, click Edit.
  4. Scroll down to the Display Name field. Confirm that this value is an exact character-for-character match for the user's Centage Username (for example: Jane.Smith).
  5. If the Display Name needs to be updated, make the correction and scroll down to click Save. If the Display Name already matches, no changes are needed.

Repeat this process for each assigned user before proceeding.

Once you have confirmed all display names, proceed to Setting up SSO in Centage to use the Metadata URL and Recipient URL you saved from Okta to complete the SSO configuration.

Updating Expired SSO Certificate

Step 1 — Generate a New Certificate in Okta

  1. Log into your Okta Admin Console
  2. Go to Applications → Applications and open your Centage app
  3. Click the Sign On tab
  4. Scroll to the SAML Signing Certificates section
  5. Click Generate new certificate

ℹ️ Note: The new certificate will be created in an inactive state. This gives you time to update Centage before activating it, preventing any disruption for your users.

Step 2 — Download the New Certificate

  1. Next to the new (inactive) certificate, click Actions → Download certificate
  2. Save the file to your computer

Step 3 — Update the Certificate in Centage

  1. Log into Centage as an administrator
  2. Navigate to Admin → SSO Settings
  3. Replace the existing certificate with the newly downloaded one
  4. Save your changes

Step 4 — Activate the New Certificate in Okta

  1. Return to the SAML Signing Certificates section in Okta
  2. Click Actions → Make Active on the new certificate
  3. Confirm the activation

Step 5 — Test Your SSO Login

  1. Open a private/incognito browser window
  2. Navigate to your Centage login page
  3. Attempt to sign in via SSO
  4. Confirm you are authenticated successfully without any certificate errors
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section