Configuring SSO

GreenPlaces offers single sign on through OpenID Connect or SAML 2.0. SSO is a secure way to provision GreenPlaces user accounts using your organization's existing identity provider.

Please reference the below documentation on how to configure Single Sign On with your GreenPlaces account.

For customers desiring to integrate an identity provider such as Okta with GreenPlaces, single sign on settings can be configured from the GreenPlaces dashboard by your platform administrator.

To configure your SSO settings, navigate to https://app.greenplaces.com/single-sign-on.

Step 1: Find your Organization ID

Navigate to the Preferences tab in the GreenPlaces platform. Select “Single Sign On” from the top navigation bar.

Your company’s base organization ID will be displayed at the bottom of the screen. Copy this organization ID to use in the next step.

Step 2: Create a Private App in Okta

To utilize SSO with GreenPlaces using Okta, first create a private app within your Okta dashboard.

To create the private application, click “Create App Integration”. This will open a modal that asks for the type of application you’re wanting to create.

Select “OIDC - OpenID Connect” as the “Sign-in method”.

Select “Web Application” as the “Application type”. Click “Next”.

On the next screen, enter the following details to configure your application:

App integration name: GreenPlaces
Logo: We recommend using the logo file included at the end of this document.
Grant type
- Uncheck “Client Credentials”
- Check “Authorization code”
Sign-in redirect URIs
- The url should be set to https://app.greenplaces.com/oauth/ORGANIZATION_ID/callback, where ORGANIZATION_ID is the base organization ID that was identified earlier within the GreenPlaces platform.
- Please note: if you are configuring multiple SSO providers with GreenPlaces, your organization ID may have an integer at the end such as “-1” or “-2”. For most use cases, your organization only has one organization ID.

You can now assign the users from your organization that you would like to have access to the application.

Step 3: Add your Okta App to GreenPlaces

In the GreenPlaces platform, click “Create” to add a new SSO configuration.

Enter in the following information into the form to create your Okta provider:

Select “Okta” as the Provider.
For the Base URL, enter in the login url for your company. This may be something like “https://login.example.com”. You can find your base URL under Customizations > Brands in the Okta Dashboard.
Enter the Client ID and Client Secret from the application page that we created in Step 2.
Note: you can always rotate your client secret as often as desired in accordance with your company’s internal security and compliance policies.

Click “Save” to continue.

Share the Organization ID of your SSO configuration with the users that are assigned access to GreenPlaces. Then, navigate to the GreenPlaces login page at https://app.greenplaces.com/login.

Click “Sign in with SSO” at the bottom of the screen. This will open a modal that asks for the Organization ID.

Enter the Organization ID in the text box. Click “Continue” to start the authentication process.

You will be directed to sign in with Okta. Enter in your login credentials with Okta and click “Sign in”.

If the user is assigned to the GreenPlaces application, they will be redirected to the GreenPlaces Dashboard.

For customers desiring to integrate single sign on using SAML 2.0 with GreenPlaces, single sign on settings can be configured from the GreenPlaces dashboard by your platform administrator.

To configure your SAML 2.0 settings, navigate to https://app.greenplaces.com/single-sign-on.

Step 1: Create a New Provider

Create a new provider and select "SAML 2.0" as the provider type. If you have your Identity Provider details, please enter them at this time. If you do not have your Identity Provider details, you can provide them at any time in the future. Click "Save" to continue to the next step.

Identity Provider (IdP) Details

Entity ID: This is typically expressed as a unique URL, such as https://onelogin.com/your-company/unique-id.

Login URL: This is a URL where your users login, such as https://accounts.your-company.com.

Logout URL: This is a URL where your users logout, such as https://accounts.your-company.com/logout.

X509 Certificate String: This should be the certificate that your IdP uses to encrypt messages between with a Service Provider (SP).

Step 2: Copy SAML Details to your Identity Provider

After you click "Save", a dialog will appear with some information that is commonly requested by an IdP when adding a new Service Provider. You can access these values at any time by clicking "Details" on any SAML provider.

Copy these details to your IdP. If you would like any assistance with this process, please let us know and someone from our engineering team will be happy to help.

Step 3: Assign Users from your Identity Provider

User accounts within GreenPlaces will be created using just-in-time provisioning. To disable access for a user account, you can deprovision the account from your identity provider.

Required Attributes

For each user, the SAML attributes for "email", "name" and "role" should be shared.

email: The email address of theuser.
name: The full name or display name of the user.
role: The desired role for the user as a string. This can either be manager of member.