Okta Provisioning Setup
1. Log into your Okta account
2. In your company’s Okta page, click on “Admin” in the top right corner
3. On the left side choose “Applications”
4. Click on “Create App Integration”
5. Choose SAML 2.0 and click on “Next”
6. Create SAML Integration
7. Enter the following SSO URL: https://live.timeclock365.com/saml/login_check
And the following Audience URI: https://live.timeclock365.com/saml/metadata
8. Afterwards, go to “General”. In the “App Settings” section, click on “Edit” and make sure that “SCIM” is selected in the “Provisioning” row.
9. Go to the “Provisioning” tab and copy the settings as shown below.
- The SCIM connector base URL is: https://live.timeclock365.com/scim/
- Unique identifier field for users is: email
10. Okta will ask you for a token here:
- To get the token, log into your TimeClock 365 account https://live.timeclock365.com/.
- Then go to “Settings” -> “Company Profile” -> “General” and if you scroll down you’ll see “generate token”.
- Click on “Generate token”, then click on “Update” in TimeClock 365 to save the newly generated token. Copy the token from the TimeClock 365 settings (Ctrl + C) and paste it into the Okta Authorization form (Ctrl + V), click on “Save”, then “Test Connector Configuration”. Now you can start assigning users via Okta.
Adding SAML Login
1. In your applications in Okta, choose TimeClock 365
2. Then choose “Sign On”
3. In SAML signing certificates choose an active certificate, then “view idP metadata”
4. It will open a tab with the IdP metadata; copy the URL from your browser
5. Go to the TimeClock 365 web portal -> Settings -> Company profile -> SAML and paste the link into the IDP metadata path form.
6. Click on “Update” and, without closing the tab, test the login by trying to log in to your account in an incognito tab. If it works, leave the settings as they are (you are done). If an error appears, uncheck the “Enable SAML authentification” checkbox in your account (in the still-open tab).
Guide for Setting up Groups and Roles
Understanding Groups and Roles:
Groups: Groups are imported from Okta into our system. They are supposed to represent different categories or teams within your organization.
Roles: Roles in our system define permissions and access levels that users can have based on their group memberships.
Mapping Groups to Roles:
Determine which roles in our system correspond to each group imported from Okta. For example, Group A from Okta might map to Role X in our system.
Users who belong to a specific group in Okta will automatically be assigned the corresponding role in our system during the synchronization process.
Please note that there are four Roles in TimeClock 365: Administrator, Group Manager, Employee, Employee Editor. You can refer to this guide to learn more about them.
Adjusting Order for Rule Priority:
- Log in to our system.
- Navigate to the sidebar -> Settings -> Company profile -> SAML section.
- Click “Add item”.
- Select Group in the left column and Role in the right column.
Manage order
If a user meets the criteria for multiple rules (e.g., belongs to multiple groups that are defined by different rules), the system applies the role assignment specified by the rule that appears higher in the list.
Let’s say John Smith is assigned to the Managers and Employees groups in Okta.
If a user is not assigned to a group, you can set up a default Role.
Navigate to the sidebar -> Settings -> Company profile -> General section.
Find the Azure user synchronization section and select the Role in the dropdown.
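The rule ordering and default role described above decide which permissions a synced user ends up with, so it helps to check a planned rule list offline before saving it. The following Python is an added example, not TimeClock 365 or Okta code; the group-to-role mapping, the user names and the default role are constructed sample values, and only the four role names come from this page.

```python
# Added example: models the "higher rule wins" ordering and the default role.
# Group names, rule order, users and the default role are constructed samples.
from dataclasses import dataclass
from typing import Optional

# The four roles this page lists for TimeClock 365.
ROLES = {"Administrator", "Group Manager", "Employee", "Employee Editor"}

@dataclass(frozen=True)
class Resolution:
    role: str
    matched_group: Optional[str]  # None means the default role was applied
    shadowed: tuple               # lower rules that also matched but were ignored

def resolve_role(user_groups, rules, default_role):
    """rules is an ordered list of (okta_group, role); the first match wins."""
    for role in [r for _, r in rules] + [default_role]:
        if role not in ROLES:
            raise ValueError(f"unknown role: {role!r}")
    member_of = set(user_groups)
    matches = [(g, r) for g, r in rules if g in member_of]
    if not matches:
        return Resolution(default_role, None, ())
    group, role = matches[0]
    return Resolution(role, group, tuple(matches[1:]))

def audit(users, rules, default_role):
    """Resolve every user and list those whose role depends on rule order."""
    results = {u: resolve_role(g, rules, default_role) for u, g in users.items()}
    order_sensitive = sorted(
        u for u, res in results.items()
        if any(role != res.role for _, role in res.shadowed)
    )
    return results, order_sensitive

RULES = [("Managers", "Group Manager"), ("Employees", "Employee")]  # constructed
USERS = {  # constructed
    "john.smith": ["Managers", "Employees"],
    "jane.doe": ["Employees"],
    "new.hire": [],
}

if __name__ == "__main__":
    results, order_sensitive = audit(USERS, RULES, default_role="Employee")
    for user, res in results.items():
        source = res.matched_group or "default role"
        print(f"{user}: {res.role} (via {source})")
    print("review rule order for:", order_sensitive)
```

Users reported under "review rule order for" belong to several mapped groups with different roles, so moving a rule up or down changes what they can access.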