For Okta SSO, you will need to install the Okta Altruistiq Application from the Okta integration store, and configure both that application and the SAML authentication settings in Altruistiq.
Requirements
You must be an organisation Admin in the top level Business Unit of your organisation to use this feature.
Setup Guide
Part 1: Setting up SSO as the preferred login method in Altruistiq
Go to https://app.altruistiq.com/organization/settings (Organization settings)
Select Authentication from the side menu
Change the authentication to
Okta SAML, you will see the below screen
Part 2: Installing and Configuring in Okta
Install the Altruistiq app from the Okta integrations to your Okta account. A link to our application can be found here.
In Okta, select from the side menu Applications → Applications. Select the Altruistiq application that was just installed.
In the Sign On tab, copy the Default Relay State as provided in the organisation settings screen. This data is identified by the first red arrow in the below picture. Paste this Default Relay State into the Altruistiq app (see Part 1, Step 3)
Part 3: Setting up SAML in Altruistiq
On the same page as Part 2, Step 3, press the “View SAML setup instructions”. This is highlighted by the second red arrow. This will open a new page, like the example below:
Copy paste the three provided values on this page into Altruistiq under the Okta authentication settings (the same page as Part 1, Step 3)
Save settings in Altruistiq. You should now have Okta configured.
Controlling Entitlement
By default Entitlement is controlled by Okta. You can configure Okta (your identity provider - IdP) or Altruistiq to control entitlement by selecting the additional setting below.
When you set up SSO with Altruistiq-controlled entitlement, here's what it means for your organisation:
How it works
Authentication happens through your identity provider (IdP)
Users log in using their company credentials (e.g., Microsoft, Okta)
Your IdP verifies who the user is
Access and permissions are managed in Altruistiq
We control who can access the platform
We manage user roles and permissions
Your admins invite users and assign roles within our platform
What this means for you
For admins
Invite users through the Altruistiq platform (not your IdP)
Manage all user roles and permissions in Settings > Manage users
Remove access by deactivating users in Altruistiq
Your IdP only handles the login process
For users
Log in with your company credentials
Access depends on being invited to Altruistiq by an admin
Your permissions are set by your Altruistiq admin
Key differences from IdP-controlled entitlement
Aspect | Altruistiq-controlled | IdP-controlled |
User provisioning | Manual through Altruistiq | Automatic from IdP |
Role assignment | In Altruistiq platform | Defaults to no access. Can be upgraded in Altruistiq. |
Access removal | Deactivate in Altruistiq | Remove from IdP group |
User management | Centralised in Altruistiq | Centralised in IdP |
Common questions on entitlement
Can users access Altruistiq just because they're in our IdP? No. Users must be explicitly invited by an Altruistiq admin, even if they can authenticate through your SSO.
What happens if we remove someone from our IdP? They can't log in anymore, but you should also deactivate them in Altruistiq to ensure proper access control.
Can we switch to IdP-controlled entitlement later? Yes. Contact your customer success manager to discuss migration options.
Disabling credentials login for Admin Users
All Altruistiq SSO maintains a credentials login for Admins. This allows Admins to log into Altruistiq account with their credentials to fix misconfigured SSO settings. To disable this workaround for increased security select Disable Altruistiq log in with credentials for admins and save the settings.