You can configure a custom application in Okta to enable Single Sign-On with Primalogik. To do this, you need administrator privileges in your Okta account.


Okta Setup


In the Okta admin UI, go to Applications, click "Add Application" and then click the "Create New App" button. Select the following options:
  • Platform: Web
  • Sign on method: OpenID Connect


On the next screen:


Click Save, then click Edit next to "General Settings" to set the remaining options:
  • APPLICATION - Allowed grant types: Select "Implicit (Hybrid)"
  • LOGIN - Login initiated by: Either Okta or App
  • LOGIN - Application visibility: Select "Display application icon to users"
  • LOGIN - Initiate login URI: Enter the URL below, replacing <oktaSubdomain> with your own Okta subdomain (the part right before ".okta.com" in your Okta URL).


Click Save. It should now look similar to the screenshot below.



Finally, you need to send us the "Client ID" and "Client secret" that are displayed in the Client Credentials section at the top of that page, as well as your Okta subdomain. We must add that configuration on our side to complete the setup, and you will not be able to test SSO until we have done so. Send an email to support@primalogik.com with the following information:
  • Okta subdomain: <Your Okta subdomain> (the part right before ".okta.com" in your Okta URL)
  • Client ID: <Your client ID>
  • Client secret: <Your client secret>


Signing in to Primalogik


To sign in to Primalogik through Okta SSO, users have these options:

  • Click on the Primalogik app icon within Okta.
  • Bookmark the "Initiate login URI".
  • Access Primalogik through the links included in emails sent by the Primalogik app.

The third option above is very convenient for end users. For example, when invited to respond to a Primalogik assessment, users receive an email including a link to Primalogik. That link includes a UUID that allows them to log in automatically through SSO and access the questionnaire page directly.


Even when Okta SSO is enabled, users can still log in using a username and password, unless you have selected the option "Do not allow password based login" in the General Settings.