SSO (Single Sign On) authentication lets you access your company’s applications and websites with a single set of login credentials. Centage has now enabled you to include Planning Maestro in your SSO solution.
You can add Planning Maestro to your company’s SSO solution if you use any SAML 2.0 compliant identity providers, including:
- Azure AD
- CA Technologies
- ... (and many more. Ask Centage Support.)
When you work with Centage to set up SSO, your company’s Administrator chooses an SSO Admin user in Planning Maestro who can set up SSO for your company.
This document shows you, a Planning Maestro SSO Admin, how to set up SSO for your company using Okta.
Please Note: You can only add Planning Maestro to your SSO solution after you have your Planning Maestro account set up.
Setting up SSO with Okta
Step 1: Open your company’s Okta account. On the homepage, select Admin.
Step 2: At the top of the page, click Applications.
Step 3: On the Applications page, click Add Application.
Step 4: A search menu appears below. Click Create New App.
Step 5: A Create a New Application Integration popup appears. Next to Sign on method, select the SAML 2.0 radio button. Click Create.
Step 6: A Create SAML Integration page appears. On the General Settings tab, in the App name field, enter Planning Maestro and click Next.
Step 7: On the Configure SAML tab, under SAML Settings, enter the following information in the fields provided:
Example: This example company’s domain name is paradventureinc, so their Single Sign On URL is https://paradventureinc.planningmaestro.com/saml/SSO.
Audience URI (SP Entity ID) – Enter planning-maestro.
Under ATTRIBUTE STATEMENTS (OPTIONAL), enter displayName in the Name field and user.displayName in the Value field.
Please Note: If you have a Premium Okta account, you can add a custom field named Centage Username. This custom field would make it easier to add users later.
Step 8: On the Feedback tab, next to Are you a customer or partner?, select I’m an Okta customer adding an internal app.
Step 9: More fields appear below. Mark the This is an internal app that we have created checkbox and click Finish.
Saving Your Metadata URL and Recipient URL
A new page opens with the Name you selected before. Use this page to collect two pieces of information you need to set up SSO in Planning Maestro:
1. Metadata URL
2. Recipient URL
Saving Your Metadata URL
On the Sign On tab, scroll down to the box highlighted in yellow. Right-click on Identity Provider Metadata and select Copy link address.
You should be presented with the content of this Metadata URL, with something like:
- https: //<domain>.okta.com/app/<okta id>/sso/saml/metadata
Save this link in a safe place (such as a Notepad file on your desktop). You will need it to set up SSO in Planning Maestro itself.
Please Note: Copy this link and save it somewhere secure.
Saving Your Recipient URL
Now, save your Recipient URL. Select the General tab.
Copy the Recipient URL on this page and save it with your Metadata URL. You will need both of these URLs when you set up SSO in Planning Maestro.
Step 1: To assign users from your company to access Planning Maestro through SSO, select the Assignments tab.
Please Note: If this user is brand-new and does not have an Okta account yet, add them as a new user in Okta first.
Step 2: On the Assignments tab, click on Assign and select Assign to People from the dropdown menu.
Step 3: An Assign Planning Maestro to People popup appears. Click Assign next to the first user who should be able to access Planning Maestro through SSO.
Step 4: Your work email appears in the User Name field. Click Save and Go Back.
Step 5: The popup returns to the list of users. The user you assigned has an Assigned button. Click Done.
Repeat steps 1-4 to assign other users.
Step 6: After assigning all necessary users, click Done.
- The Assignments page lists all users who can access Planning Maestro through your company’s SSO solution.
- Use the following section to make sure these user’s Okta display names match their Planning Maestro usernames.
Confirming Display Names
Please Note: If you want to add users who are new to Okta and Planning Maestro, first create the users in Okta. Then, you can assign those users to the Planning Maestro portal.
To assign users to Planning Maestro who already exist in Okta, see the previous section.
Make sure your assigned users’ display names are the same as their Planning Maestro user names. Otherwise, these users cannot access Planning Maestro.
Step 1: On the page for this Planning Maestro app, on the Assignments tab, select the name of any user.
Step 2: The user’s page opens. Select the Profile tab.
Step 3: The user’s profile appears. Click Edit.
Step 4: Scroll down to Display name and make sure this display name is an exact character match for the user’s Planning Maestro User Name.
Step 5: Scroll down and click Save.
Now, see Setting up SSO in Planning Maestro to learn how to use the Metadata URL and Recipient URL you saved from Okta to set up SSO from within Planning Maestro.