This article explains the steps needed to implement SSO and/or User Provisioning through Okta. First we explain how to set up Okta in one single location, then we explain how to set it up if you use Proxyclick in many locations.


  • Plan Large and Enterprise
  • Admin access to Proxyclick (for every location)

Setting up Okta in 1 single location

Step 1: Add an application

Log into Okta. Go to Admin > Applications.


Click on Add application.


Search for Proxyclick and click on Add.


Enter your Company Id. You’ll find your company id in your Proxyclick account at Account and Settings > Integrations > SAML (see below).


You do not need to check the 2 boxes next to Application Visibility. Click on Next.


Click on Next (we will activate user provisioning later).


This step is optional. Click on Next.


Click on Done.


Step 2: Configure single sign-on (SSO) based on SAML 2.0

Open the Proxyclick app in Admin > Applications and go to the Sign On tab.


Click on Edit.


Select Email for Application username format and click on Save.

Click on View Setup Instructions.


Copy the IDP Issuer/Entity ID, the Login URL/SignOn URL and the x.509 Certificate.

Log into Proxyclick. Go to Account and Settings > Integrations > SAML. Click on Activate SAML (if not enabled).


Paste the 3 values copied from Okta and click on Save changes.
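
Before saving, the three values can be sanity-checked offline; a certificate that lost a line during copy and paste is a common cause of failed SAML logins. The script below is an added example, not part of the original article and not Okta or Proxyclick code. Its function names and sample values are constructed for illustration, and the fingerprint it returns lets you confirm that the certificate text you pasted is byte-for-byte the one you copied.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlparse

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_der(pem_text):
    """Return the DER bytes of a PEM certificate, or raise ValueError."""
    m = PEM_RE.search(pem_text)
    if not m:
        raise ValueError("missing BEGIN/END CERTIFICATE lines")
    body = "".join(m.group(1).split())  # drop line breaks and spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid base64") from exc
    # An X.509 certificate is a DER SEQUENCE, so the first byte is 0x30.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    return der

def check_saml_values(issuer, login_url, pem_text):
    """Return (list of problems, SHA-256 fingerprint or None)."""
    problems = []
    if not issuer or issuer != issuer.strip():
        problems.append("issuer is empty or has stray whitespace")
    url = urlparse(login_url)
    if url.scheme != "https" or not url.netloc:
        problems.append("login URL must be an absolute https URL")
    fingerprint = None
    try:
        digest = hashlib.sha256(cert_der(pem_text)).hexdigest().upper()
        fingerprint = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    except ValueError as exc:
        problems.append(f"certificate: {exc}")
    return problems, fingerprint

# Constructed sample values (not a real IdP, not a real certificate).
SAMPLE_ISSUER = "https://idp.example.test/issuer"
SAMPLE_LOGIN_URL = "https://idp.example.test/app/sso/saml"
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x10]) + bytes(range(16))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(check_saml_values(SAMPLE_ISSUER, SAMPLE_LOGIN_URL, SAMPLE_PEM))
```

Run the same function on the text copied from Okta and on the text stored in Proxyclick; matching fingerprints and an empty problem list mean the values survived the copy intact.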


Step 3: Configure user provisioning

Open the Proxyclick app in Admin > Applications and go to the Provisioning tab.


Click on Enable Provisioning.


Check the box Enable provisioning features.


Copy the SCIM Base URL and the SCIM Bearer Token values from your Proxyclick account at Account and Settings > Integrations > User Provisioning (see below).


Scroll down to enable provisioning feature(s) you want to use.

Feature User Import


Select your preferred period in the Schedule import list if you want to activate the user import. Leave the other parameters at their defaults.

Feature Create Users


Check the box Enable to activate the creation of the user in Proxyclick when the user is assigned to the Proxyclick app.

Feature Update User Attributes


Check the box Enable to update the user profile in Proxyclick when the user info is updated in Okta.

Feature Deactivate Users


Check the box Enable to delete the user in Proxyclick when the user is unassigned from the Proxyclick app or when the user is deactivated in Okta.

Click on Save.


Setting up Okta in many locations

User Provisioning

If you use Proxyclick across multiple locations, you’ll need to follow Steps 1 and 3 described above for every location (1 Proxyclick location = 1 Okta app).


Regarding Single Sign On, you have 2 options:

Option 1 is to set up SSO for every location (follow Step 2 described above for every location). Users with access to x locations will then see x Proxyclick icons (1 per location).

Option 2 is to set up only 1 SSO link that works for every user. All users see only one Proxyclick icon, which leads each user to their home location (this can be different per user). Here are the steps to follow in order to set up Option 2:

  • On all applications you created in Okta for User Provisioning, please check the option “Do not display application icon to users”
  • Create one additional application in Okta and activate SSO (Steps 1 and 2 above). This application should not correspond to any physical office but only exists to manage SSO at global level. Do NOT provision users in this application. For this application please leave “Do not display application icon to users” unchecked.
  • Send the following 3 elements to IDP Issuer/Entity ID, the Login URL/SignOn URL and the x.509 Certificate
  • We will then create a so-called “landing location”: a Proxyclick location with the SSO certificate you just sent but without users. Once set up, your users only see one Proxyclick icon leading to the landing location. They will then be immediately routed to their home location. From a user perspective, they land directly in their real home location (they do not notice that they first log into the landing location).

Please let us know if you have any questions. We’re here to help!