This article explains the steps needed to implement SSO and/or User Provisioning through Okta. First we explain how to set up Okta in one single location, then we explain how to set it up if you use Proxyclick in many locations.


  • Plan Large and Enterprise
  • Admin access to Proxyclick (for every location)

Setting up Okta in 1 single location

Step 1: Add an application

Log into Okta. Go to Admin > Applications.

Pasted image at 2016_06_22 02_40 PM

Click on Add application.


Search for Proxyclick and click on Add.


Go to the Proxyclick Marketplace and install Okta.

Copy the Company ID from the Okta configuration page in Proxyclick and paste it in the Company Id on Okta.

You do not need to check the 2 boxes next to Application Visibility. Click on Next.


Click on Next (we will activate user provisioning later).


This step is optional. Click on Next.


Click on Done.


Step 2: Configure single sign-on (SSO) based on SAML 2.0

Open the Proxyclick app in Admin > Applications and go to the Sign On tab.


Click on Edit.


Select Email for Application username format and click on Save.

Click on View Setup Instructions.

Pasted image at 2016_06_22 03_00 PM

Copy the IDP Issuer/Entity ID, the Login URL/SignOn URL and the x.509 Certificate (including the BEGIN and END header and footer).

Paste the information copied from Okta in the Okta configuration page in Proxyclick.

Paste the 3 values copied from Okta and click on Save changes.

Your Okta connection is ready. You can now use the URL in the Login URL/SignOn URL field to log into Proxyclick using Okta SSO or log into Okta as a user and chose the Proxyclick app. But you will still need to add users in Proxyclick before you try to login with SSO (you can do it manually, in bulk or via User Provisioning. See next steps to configure User Provisioning with Okta).


Step 3: Configure user provisioning

Open the Proxyclick app in Admin > Applications and go to the Provisioning tab.


Click on Enable Provisioning.


Check the box Enable provisioning features.


If you didn’t do it already, go to the Proxyclick Marketplace and install Okta.

Then go to the Okta configuration page in Proxyclick and copy the Base URL and the API Token to paste them in Okta.

Scroll down to enable provisioning feature(s) you want to use.

Feature User Import


Select your preferred period in the Schedule import list if you want to activate the user import. Leave the other parameter to their default.

Feature Create Users


Check the box Enable to activate the creation of the user in Proxyclick when the user is assigned to the Proxyclick app.

Feature Update User Attributes


Check the box Enable to update the user profile in Proxyclick when the user info is updated in Okta.

Feature Deactivate Users


Check the box Enable to delete the user in Proxyclick when the user is unassigned from the Proxyclick app or when the user is deactivated in Okta.

Click on Save.


Setting up Okta in many locations

User Provisioning

You can configure Okta and manage users across multiple locations from a single Proxyclick account.

  1. Connect Okta in your main location (follow the steps above)
  2. Click on Multi-location mapping on the Okta integration in your Integration List

Important to note: If you do not see the Multi-location mapping button, then it means you are running on an older version of our Okta integration. All you have to do is disconnect the integration and then reconnect it before continuing with the remaining steps.

You will then see the list of all the locations for which you’re an Admin. From this list, you can enable/disable User Provisioning for each location independently using the toggle button.

Once enabled, you will be able to either import all users for provisioning in that location or define your own filters for specific users.

You can filter users based on their city and language using the appropriate conditions for each.


If you are provisioning the same users in multiple locations, you can use the Advanced menu to force their “home location”. Proxyclick would then use this as the default location for new visits created (e.g., when using the Generic Calendar Integration).


Regarding Single Sign-On, you have 2 options:

Option 1 is to set up SSO for every location (follow Step 2 described above for every location). Users with access to x locations will then see x Proxyclick icons (1 per location).

Option 2 is to set up only 1 SSO link that works for every user. All users see only one Proxyclick icon that leads every user to her home location (can be different per user). Here are the steps to follow in order to set up option 2

  • On all applications you created in Okta for User Provisioning, please check the option “Do not display application icon to users”


  • Create one additional application in Okta and activate SSO (Steps 1 and 2 above). This application should not correspond to any physical office but only exists to manage SSO at the global level. Do NOT provision users in this application. For this application please leave “Do not display application icon to users” unchecked.
  • Send the following 3 elements to IDP Issuer/Entity ID, the Login URL/SignOn URL and the x.509 Certificate
  • We will then create a so-called “landing location”: a Proxyclick location with the SSO certificate you just sent but without users. Once set up, your users only see one Proxyclick icon leading to the landing location. They will then be immediately routed to their home location. From a user perspective, they will immediately land into their real home location (they do not notice they first log in the landing location)

Please let us know if you have any questions. We’re here to help!

Print Friendly, PDF & Email