SSO login via Okta to Pando
To set up Okta SSO with Pando, follow the instructions given below.
Requirements
To proceed with configuring Pando login with SSO through Okta, you need to have the following requirements:
You must have access to an Okta tenant.
You must be an Okta administrator to that tenant.
Your company must already be a Pando customer who has undergone initial onboarding by our Customer Success team.
If you are not a Pando customer, you can request a demo here: https://info.pando.com/demo.
If you are a new Pando customer still waiting for initial onboarding, contact our CS team at support@pando.com.
For every employee that will have access to Pando through Okta, their Pando account email must exactly match their Okta account email.
Supported Features
Service Provider (SP)-Initiated Authentication (SSO) Flow — This authentication flow occurs when the user attempts to log in from the Pando application site at app.pando.com.
Configuration Steps
You will need to manually add a Pando app integration to your Okta organization. Then, provide Pando with the credentials from the Okta app integration. Follow these steps to set up Okta SSO for Pando authentication.
In the Okta dashboard, open the “Applications” menu on the left bar and select “Applications” in the sub-menu.
On the “Applications” page, click the “Create App Integration” button.
Inputs to create the app integration:
Sign-in method: OIDC - OpenID Connect
Application type: Web Application
App integration name: Pando
Logo: Pando logo image file
Grant type: Client acting on behalf of a user > Authorization Code
Sign-in redirect: **https://auth.pando.com/login/callback**
Sign-out redirect: https://app.pando.com
Initiate login URI: https://app.pando.com Note: The idP-initiated login is not yet available, so the link will just send the user to Pando’s login page to use the SP-initiated login.
When you are done creating the new app integration, go to the “Sign-On” tab and copy the values of:
Okta domain
Client ID
Client Secret
Please send those three values to us at support@pando.com. We recommend using a tool like https://onetimesecret.com to add security when sharing this data.
On the Okta Dashboard, assign the users or groups that should be able to log into Pando.
We will reply confirming that your employees are ready to log into Pando using Okta SSO.
SP-initiated SSO
After our Customer Success team confirms that your company and Okta integration are set up on Pando, you can use Okta to log into Pando.
Go to our app at https://app.pando.com
Enter your email address and click the “Next” button.
If you are prompted for your Okta username and password, enter them.
If the credentials above are valid, you will be redirected to Pando and logged into our application.
IdP-initiated SSO is not yet available for Pando. Let us if this is of high priority for your team.
Notes
Once enabled, users can only log into the Pando account through Okta or, if your company has enabled it, Google Sign-in. Old passwords will no longer work for existing users.
If you encounter any issues or have any questions, please do not hesitate to contact support@pando.com.