To set up SSO using Okta as your identity provider (IdP), follow the steps below:

Add an SSO app to your IdP

  1. Sign in to Okta.
  2. Give your SSO app a descriptive name, for example, “Bazaarvoice SSO”. You will then be prompted to add SSO app details. Add sample credentials for now.
    Note: You will be required to add the permanent SAML values in Step 4 of the setup wizard. Bazaarvoice will provide these values during setup.
  3. During setup, Bazaarvoice provides the sign-in user attributes. Map these to your Okta attributes.

Group IdP access

If required, your IdP administrator can set up group access to your Okta portal. The administrator can then add all users who need access to the Bazaarvoice Portal to this user group. Members of this group can access the Bazaarvoice platform in their personal dock and will be able to sign in to Bazaarvoice solutions through SSO once it has been enabled.

Create a new SSO configuration

To get started:

  1. Sign in to the Bazaarvoice Portal.
  2. From the upper-right corner, select the settings icon.
  3. Select Manage Users.
    Note: Only Account Administrators can access Users & Permissions. If you’re not assigned the Account Administrator role, sign in to Portal, go to your Profile page and select View Administrators to see who can assign you this role.
  4. Select the Single sign-on tab.
  5. Select Create SSO Configuration in the upper-right corner. The five-step SSO setup wizard will guide you through the following tasks:
    • Configuration setup
    • Base permissions
    • Identity provider settings
    • SAML protocol settings
    • Email domains

Five-step wizard

To complete the five-step wizard, follow the instructions in this video or in the written steps that follow. You can select Save and exit at any time if you need to exit the wizard and return later.

Step 1: Add configuration details

Add your SSO configuration details:

  • Specify a unique configuration name.
  • Select Okta.

Step 2: Assign base permissions

Assign base permission details for any of your Bazaarvoice products. This step will apply base level permissions for all newly created users within your domain. However, you can only assign permissions to instances, solutions, roles, or settings to which you already have access.

The first time a new user signs in using SSO, a new account is created automatically using these base settings. You’ll no longer have to create new users (with your domain name) manually. You can edit these accounts if necessary.

Note: If specific permissions are applied to a single user account, the user permissions will override the configuration base permissions. Specific permissions can only be applied to individual users. We do not provide user groups.
  1. Set base permissions in the following sections:
    • Base instances—Select which instances users can access.
    • Base solutions—Select which Bazaarvoice solutions users can access.
    • Base portal roles—Assign base roles to users. Roles will only appear after you have assigned solutions.
    • Social commerce-Assign Social Commerce settings.
  2. Select Save and continue.

Step 3: Copy identity provider settings

  1. Copy the Issuer URI from your Okta account and paste it into the Identity provider issuer URI field. For example, https://your-idp.endurancecycles.com.
  2. Copy the SP-initiated SSO URL (not the IdP-initiated SSO URL) from your Okta account and paste it into the Identity provider issuer URI field. For example, https://your-idp.endurancecycles.com/your-idp-path/.
    Caution: To avoid a configuration error, ensure that you copy and paste the exact Issuer URI and SSO URL. If these values are not available, add sample values.
  3. Upload a valid, up-to-date x.509 certificate issued by Okta in Identity provider settings.
    Note: This x.509 certificate is a text file that authenticates the identity of your users and your IdP. It must be a valid file type such as .pem, .cer, .crt, .cert, .der, .p7b, .p7c, .p12.
  4. Select Save and continue.
Note: You must enter all information required in this step before being able to select Save and continue.
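
A pre-flight check for the Caution above, added here as an example (not Bazaarvoice or Okta code): it reads a SAML 2.0 IdP metadata file, compares the issuer and sign-on URL you intend to paste against it character for character, and fingerprints the signing certificate so you can match it to the file you upload. It assumes you have downloaded your app's metadata XML from your IdP; the sample metadata, its placeholder certificate bytes, and the function names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample metadata; the certificate body is placeholder bytes, not a real cert.
SAMPLE = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://your-idp.endurancecycles.com">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>UExBQ0VIT0xERVI=</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleSignOnService Binding="{REDIRECT}"
        Location="https://your-idp.endurancecycles.com/your-idp-path/"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def read_idp_metadata(xml_text):
    """Return issuer, HTTP-Redirect SSO URL and SHA-256 of the signing certificate."""
    root = ET.fromstring(xml_text)  # parse only metadata exported from your own IdP
    sso = [s.get("Location") for s in root.iterfind(".//md:SingleSignOnService", NS)
           if s.get("Binding") == REDIRECT]
    cert = root.find(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if not sso or cert is None:
        raise ValueError("no HTTP-Redirect SSO URL or signing certificate in metadata")
    der = base64.b64decode("".join(cert.text.split()))  # strip line wraps, then decode
    return {"issuer": root.get("entityID"), "sso_url": sso[0],
            "cert_sha256": hashlib.sha256(der).hexdigest()}

def check_pasted(meta, issuer, sso_url):
    """Compare wizard input with the metadata character for character."""
    problems = []
    for field, pasted in (("issuer", issuer), ("sso_url", sso_url)):
        expected = meta[field]
        if pasted == expected:
            continue
        if pasted.strip() == expected:
            problems.append(f"{field}: stray whitespace")
        elif pasted.rstrip("/") == expected.rstrip("/"):
            problems.append(f"{field}: trailing slash differs")
        else:
            problems.append(f"{field}: does not match metadata")
    return problems
```

An empty list from `check_pasted` means both values match the metadata exactly; compare `cert_sha256` with the SHA-256 fingerprint your IdP displays for the signing certificate before uploading it.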

Step 4: Copy SAML protocol settings

  1. Copy your SAML protocol settings by selecting Copy to the right of each set of protocol values.
  2. Paste them into the configuration section of your Okta account.
    Tip: For further support from Okta, refer to their help documentation.
  3. Replace the sample ACS and URI values you entered earlier with these SAML protocol values:
    • ACS (Assertion Consumer Service) URI
    • Audience URL
    • Default Relay State
  4. Confirm you have completed this step by selecting the checkbox that reads I have added the above information to my IdP’s configuration section.
  5. Select Save and continue.

Step 5: Add and verify email domains

You can now add and verify your email domains, for example, endurancecycles.com. This verification process provides extra security by ensuring that only users with your verified domain(s) can use your SSO configuration.

  1. Add your domains by selecting Add domain.
  2. Verify your domains.
    • To test or enable your configuration, at least one of your domains must be verified.
    • A verification token will be automatically populated, allowing you to create a TXT record following the domain list table.
    • Copy this token and add it to your domain’s DNS settings.
    Note: Depending on your domain provider, it could take hours or several days to verify your domain. Refresh or return to this page later to check if your domain has been verified.
  3. Test your configuration.
    • Once you have at least one verified domain, you are ready to test and enable your configuration.
    • Select Test configuration. You will then be signed out of the Bazaarvoice portal and redirected to the sign-in page.
    • Sign in to the Bazaarvoice portal using your corporate email address.
    Note: If testing is successful, you will return directly to the setup wizard. If there is a problem, you can sign in using your username and password as normal.
  4. Enable your configuration. To enable your configuration for everyone in your organization, select Finish.
    Caution: Once your configuration is enabled, you will no longer be able to test it.
