This article outlines how to configure your account to authenticate via a SAML provider such as Okta.

You must first have a Great Question account created with an Enterprise plan.

Note: Work is still happening to have Great Question listed in the Okta Catalog and published to the OIN. For the time being the application will have to be created manually.

Step 1: Register application in Okta

Create application in Okta

  • In Okta, navigate to the Applications tab and click Applications.

  • Click Add application > Create new app.

  • In the dialog, select SAML 2.0 as the sign on method.

  • Click Create.

Okta Application Settings

  • In the General Settings, enter the application name (Great Question) and add an optional logo.

  • Click Next.

  • On the SAML Settings page:

  • Add the following URL for the Single sign on URL: https://greatquestion.co/users/saml/auth

  • Add the following URL for the Audience URI:
    https://greatquestion.co/users/metadata/

  • For Name ID format, select EmailAddress

  • For Application username, select Email

  • Click Next

  • Click Finish

Step 2: Setting up application in Great Question

Obtain credentials for Great Question from Okta

Once the application is created, complete the following steps:

  • From the Great Question application in Okta, click Sign on.

  • From here, click View Setup Instructions.

  • These are the credentials you need:

Add credentials to Great Question

From your account on greatquestion.co:

  • Navigate to Company Profile in Account

  • In the authentication form:

    • toggle on SAML Authentication

    • add "Identity Provider Single Sign-On URL" to Idp sso target url

    • Add "Identity Provider Issuer" to Idp entity

    • Add "X.509 Certificate:" to Idp cert

    • Click Update Account

SAML is now set up on your Great Question account

Step 3: Signing in via SAML

Any user with access to Great Question in your Okta will automatically be able to sign in from their Okta profile. By default they will be provisioned with a free observer account

Users that already have accounts on Great Question can connect Okta and sign in via https://greatquestion.co/sso

Did this answer your question?