Setting Up OKTA SSO

SSO is available only on RocketReach Enterprise plans. If you are interested in enterprise pricing, you can contact us here.

This article is intended for administrators setting up SSO for their teams on RocketReach.

Okta Setup

  1. Open a new browser tab or window (preferably in incognito mode), and sign in to your Okta administrator console.
  2. Select Applications option from the list.                                  okta.png
  3. On the Applications page, click the Create App Integration button.oSyFm_C6hJdwKXuTa9r-0pDfWvZ904OSdOVohFdVxHODcvEpwOh_cq4YCpxx9-o9o-LyMap6mCxDet6dHmEigukm-pw_VCyV34PsT8BzN_GqURABhK_Xvknb_YqY.png
  4. Choose SAML 2.0 and click Next. 4P1HJkzMKeCtHKllq_E9NC879U4e6x4HIxg411VS42RwMEcqbTrS4zcTqapgL3O9Tmz0AGW72HX3y2_SaAPdV4btlcgQetV6_cULRo1slxuE4liKW56PTgtxakZx.png
  5. In Step 1, General Settings, give the application whatever name you want, add Logo (optional), and click Next. tYIxxKwOCv9QqeCj0dBjIbPhHbabwqeBZmCG2KN-n4E5_1_TQxvgkx_5S81YS7J4OxOgnXTS7ktJxbaga-YpZJyofoPPD-O68jwxzznqfF4gzsfwKQQehTe92yQl.png
  6. On Step 2, SAML Settings, enter these details:
    1. Single sign on URL and Audience URI:
    2. Name ID Format: EmailAddress
    3. Application Username: Email QmJ4XWXvhgZAH2LzgUFe9pSFBZM996cGEdGBCuT3LwvN9jFeFfWkk04MwC785XvBHiOyJ3ArXT8xSmdLhpyul6KkWh8Rxs1St-Q-UUXWU0yRh5Ix_6kk_vvCYOi4.png
  7. Click Show Advanced Settings in SAML Settings and set the following:
    1. SAML Issuer Id to${org.externalKey} RIIbWQNOnb-OkAVTh-EYbnOAxQBYv7Fwym4zC2iF70Hcu2uMVXxxymJ5BPk5VcO__9quVAJsiXzcorIai8_2IxtXZQLXuKWpUsKQ7RP7ngLiTaRE835Trbf6AlP8.png
  8. In the Attribute Statements, add the following attributes: 
    Name Name Format Value
    first_name Unspecified user.firstName
    last_name Unspecified user.lastName
    email Unspecified
  9. Click Next to go to step 3.
  10. Choose I’m an OKTA customer and then click Finish to create the app.
  11. Open the Assignments tab.
  12. Click Assign > Assign to People and click the Assign button beside each user you want to approve for single sign-on access to RocketReach.
  13. ​​Click Done. Make sure users’ email addresses appear in the User Name field.
  14. Select Assignments and assign desired users to the RocketReach app to allow them to log in to RocketReach using SSO.
  15. Select the Sign On tab. In the SAML Signing Certificates you’ll find the link to the Okta setup page containing the data needed in the following steps.                                                               0usnRa-OxGEyl_VtSuCsJ-ZcIYDgtkTG2i7Yj2lftHYVpkCojxYC4hzPKzyPVFzi3ut5eobTXyzTEuwvB0EV5ydRCiLhqTAfrChA7Bt3tDR0wP4Iu-diYbeO5xvU.png

RocketReach Setup

  1. Open a new browser tab or window (preferably in incognito mode), and sign in to RocketReach as your Enterprise team administrator.
  2. Go to My Account page, then select Security                                tnSctmfsSSk__yvd2sbtcbT0bXRVE6-D_ax0lER_qOzxRvrhr4o9CgLeo5_EXsvO68nYnI6VijidasWH7KBfz3judelNU08q11srEQCfHtxrIs17c3fpENd7T5jh.png
  3. Click the Setup SAML Connection button and select Okta in the list on the left side: qsOW-R9UnneypiNueDXe8tw_lIClss1osoYjVYS0DgPn09DpSwlsNFij8xO3fWDrgrr1prXACbvw3amDhEOpNTnjAO96pmwyWx5KINJXetv486gDMt84m_CSAth5.png
  4. Submit your signin URL and x509 certificate, following the steps in this article.
  5. Click Test SAML Connection.
  6. Once the connection is tested successfully click Save Configuration button.
  7. Enable the Single Sign On function. pS5RdzodD9_XcpduQs1WR4B4SBFrGdcQUebHq3ydD9SAVokqcqLpr-XPMD6rTfMvYQXP5HSGQ_Aenwx2T7DyGRTu3NhXysLl5S9Uxa32LFfWxIGNJRig5NjAP88p.png
  8. Log out and test SSO login following the steps below.

Logging In

If you've configured and enabled SSO on RocketReach, your users' sign-in flow will follow the sequence below:

  1. Users navigate to a RocketReach Login with SSO page.
  2. Once users enter their email, they are redirected to your corporate server or third-party identity provider login page, depending on the enterprise SSO IdP you connected.
  3. The IdP requests the user’s username and password. They enter their sign-in credentials. The client passes the SAML response to RocketReach.
  4. If valid, users are redirected back into RocketReach.

Note: Users can also start the sign-on process from your corporate server or your third-party identity provider’s sign-in page. They will then be authenticated automatically when accessing RocketReach.