Get set up with the Dashboard

Last updated: 14th July 2022

This page describes the two main tasks an Okta administrator needs to take.

Initial Okta setup

This first section describes the preliminary steps you need to take as an Okta administrator to enable single sign-on (SSO) for Checkout.com.

Sign in to your Okta admin portal with Super Admin rights.
In the upper-left corner, select Classic UI to make sure all features are visible.
Select Applications > Create New App > SAML 2.0 > Create.
In the App Name field, enter Checkout.com.
Upload the following App Logo and select Next.

Set Single Sign On URL to http://localhost as a placeholder. Use this for the Recipient URL and Destination URL.
Set Audience URI to http://localhost as a placeholder.
Set Default Relay state to:
- https://dashboard.checkout.com for production
- https://dashboard.sandbox.checkout.com for sandbox
Set Name ID to Unspecified.
Set Application username to your Okta username.
Set Update application username on to Create and update.
Leave the default values of the Advanced SAML settings as they are.
Set the Attribute statements as detailed below. These are mandatory attributes for the SAML assertion.

Set the Groups statements required to propagate your identity provider (IDP) groups as part of the SAML assertion. This is needed to configure access rights by mapping your IDP groups to Checkout.com known roles. To propagate all groups:

Name	Name format	Value
`idpGroups`	`Unspecified`	`Matches Regex .*`

You can use a more restrictive group regex filter if you'd like.

Go back to the application’s Sign-On tab and select View Setup Instructions.
Copy the Identity Provider Single Sign-On URL.
Copy the Identity Provider Issuer.
Download the certificate.

Checkout.com supports several types of users, all with different levels of access. See Team Permissions for a breakdown of each of these roles.

Create a .json file that defines a mapping between the propagated groups to Checkout.com’s known roles.

For example:

{
  "ClientGroup1": "Owner",
  "ClientGroup2": "Admin",
  "ClientGroup3": "Read Only",
  "ClientGroup4": "Read Only"
}

You will be provided with a set of SFTP login credentials with which you will securely share the following configurations:

Our Okta admin will then register your IDP with the above configuration and reach back to you to complete the setup.

This section describes the final steps you need to take as an Okta administrator to configure SSO for Checkout.com.

Go to the Checkout.com SAML application you previously created.
Select General > SAML Settings > Edit > Next.
Replace the placeholder values for the Single Sign-On URL and the Audience URI with the parameters we previously shared with you.
Select Next, then Finish.

Go back to the Checkout.com application and select Assignments > Assign to Groups.
Assign the groups defined in the previous steps to the application.

While signed in as a permitted user, check that a Checkout.com application is visible on the corporate Okta dashboard.
Select the application. If everything is working correctly, it should authenticate you and redirect you to Checkout.com.

Go to either:
- https://dashboard.checkout.com (production)
- https://dashboard.sandbox.checkout.com (sandbox)
Enter your email address and select Next.
Select Sign in using SSO. If everything is working correctly, it should redirect you to Checkout.com.