Single Sign On - Working Remotely
FOR STAFF WORKING REMOTELY
Single Sign On (SSO) technology is a service that permits users to use One Logon to access multiple systems. On 1/25/2019 LSC implemented SSO using a software called Okta. You can think of Okta and SSO as being interchangeable for our purposes. Using Okta, we have a single, integrated platform that offers you secure access to enterprise applications and information and allows users to customize their SSO dashboard by adding additional work and personal applications.
This guide is for LSC staff working remotely and will guide you through setting up and using your SSO.
SSO interacts seamlessly with applications like Box, Office 365, and Salesforce. You will need to provide your LSC user credentials to Okta when you first open one of these applications; once done, Okta will manage your user credentials with that application (as well as the other applications listed above) during that session. A session lasts for the period of time that you are actively working on your computer and includes an inactivity grace period.
Think of it like logging into your computer at work. When you sit down at your computer at your desk, when you open Box for the first time, you have to provide your user credentials. Once you are in Box, as long as you stay "active" in Box, you can open other documents.
The difference being, with Okta you have the ADDED benefit of being able to open SmartSheet, Salesforce, and Office 365 as well without needing to provide your credentials to them! That's because Okta is managing your credentials with these applications for you.
The first time you open Okta, you may notice that the Icons on your dashboard are greyed out and say "Plugin Required". Plugins for Chrome, Safari and Edge are available on the Okta Plugin tab, shown below. Firefox plugin is not available as many of LSC applications do not support Firefox.
- Navigate to the Okta Plugins tab
- Select the plugin that supports your browser of choice
- Follow the prompts to install the plugin to your computer
- After the installation, you may receive a prompt asking you if you would like to Turn it On or Keep it Off ... select Turn it on
- You may need to restart your browser for the change to take effect
- Check to see that your plugin is now available for use (upper right corner of your browser - blue "O" ring)
- Now you are ready to use your Okta Single Sign On
As mentioned earlier, the SSO implementation affects how you access Box, SmartSheet, Salesforce and Office 365. Typically, our remote users will start up their computer and at some point need to open a document stored in Box or reference information in Salesforce or read their email. At that point, they will open the application that they want to use, enter their user name and password and begin working in that application. Then, when they need to open another application, they do the same, each time entering their user name and password.
Okta eliminates the need to enter your user credentials each time. As an Okta SSO user, you will enter your credentials Once, and those credentials will ensure your access to Box, SmartSheet, Salesforce and Box for the duration of that user session. Without going too deeply into why it work, suffice it to say that Box, Salesforce and Office 365 use a special kind of technology called SAML that facilitates the SSO.
You can access your applications by accessing one of the SAML-enabled applications directly (opening a document stored in Box, launching Office 365, etc.) or by using your workbench (which we will discuss later.)
Once you have confirmed that you are part of LSC, Okta will launch a Sign In Dialog Box (below).
- Enter your LSC username (typically last name first initial @ LSC.gov). It will be the username you use to log into your computer at the office.
- Enter your LSC password. It will be the password you use to log into your computer at the office.
- Feel Free to Click the "Remember Me" checkbox.
- Click Sign In
- Okta will sign you into the requested document or application
You only need to sign in that one time.
If you need to open another SAML application (Box, SmartSheet, Salesforce, Office 365), and your Okta session is still open (you have been active and using the applications from your computer) you can do so without having to enter your credentials for that application. If you take a break or time out of your session from inactivity lasting 2 hours, then you will need to re-enter your credentials next time you open a SAML application.
- If you have not logged into Okta before, it will open a dialog box and ask you to provide your secondary email, security question, your cell phone and to pick a security picture (i picked the goats) and click Create My Account
In addition to managing your credentials for SAML-enabled technologies (Box, SmartSheet, Salesforce, and Office 365), Okta can also manage your credentials for other applications such as PayCom, Concur and Adobe (to name a few.) These applications can be accessed using the Okta Workbench.
Launching your Okta Dashboard
- Open Your Browser (Chrome, Internet Explorer, or Safari)
- Enter the SSO URL LSC.Okta.com
- If you are logging onto your dashboard remotely for the first time, you will need to provide your credentials and select the "remember me" box to ensure quick access from that machine moving forward.
- Your SSO Dashboard (below) will open.
We configured SSO so that you can use the application to seamlessly log into your Non-SAML applications such as Paycom, LSCeWeb, and Concur. Additionally, you can add your own frequently-used applications as well. As a result, you have a great deal of control over your SSO environment and can engage with, and use, the application as much or as little as you want. Read on to learn about the additional - optional - features that are available to you through SSO.
It's important to remember that you are NOT required to use this Dashboard. It is a convenient one-stop-shop for you to access your applications, but if you choose to continue to access Smartsheet, PayCom and Concur directly (as opposed to logging in through the Okta Dashboard), they will continue to work as they always have.
The benefit to users of the Portal is that Okta will manage your user credentials for these sites as well. It, in effect, becomes your password manager for these sites and any applications that you add to the dashboard.
For more information on how to use the Okta dashboard to manage your user credentials for PayCom, Concur and more, review the tutorial on Single Sign On Portal Basics
This guide covered the basics to get you started, but there is more information available to you as a new Okta/SSO user (including a guide on how to add additional applications to your dashboard.)
All Guides are available on the LSC training portal - ScreenSteps - which you can access from your Okta dashboard, click the Screensteps icon, click on Office of Information Technology, Select Single Sign On (OKTA) from the bottom list.
- FAQs - quick questions and answers
- Adding Applications to SSO - provides easy options for users to add additional work and personal tools to their SSO workbench
- How to Access SSO - quick tutorial on the different ways LSC staff can access and use SSO
- Removing an Application from SSO - how to remove quick links from your workbench
- Single Sign On - Working Remotely - tutorial on how to use SSO when you are telecommuting
- Single Sign On Portal Basics - Basic Information about the portal and how to authenticate to your managed applications
- Downloading the Okta Plugin - how to download the plugin for the Okta Dashboard
- Setting up or Changing your Secondary Email - how to enter an optional email for SSO to use if you forget a password
- Changing you SSO Password Challenge Question - how to manage your password challenge question
- Changing Your User Name OR Password for Personal Applications - if you change credential information for a managed application, you will need to update that information in SSO (if you want SSO to manage those credentials for you)