Set up SSO to Checkr from Okta

This article will show you how to configure a SAML SSO Application for Checkr in Okta. For general information about SAML SSO at Checkr, please review the following article:

Self-Service SSO: Enable Single Sign On using SAML for your account

This article has the sections below:

• Configure IdP-initiated SSO
• Configure SP-initiated SSO

Configure IdP-initiated SSO

1. In Okta, navigate to the Applications tab and click “Create App Integration”.
   
2. A modal will appear asking you to select a Sign-in method. Choose “SAML 2.0”.
3. In “General Settings” configure basic visibility settings for your app in Okta. Click “Next” when you are done.
4. Open a new browser tab and sign into your Checkr Dashboard as a user with the Admin role.
5. In Checkr, navigate to Account Settings > Single Sign On.
6. In Okta, update the following fields on the “Configure SAML” screen, using the information provided on the “Single Sign On” screen in Checkr. Then scroll down in Okta and click “Next”.
   
7. In Okta, on the “Feedback” page, answer the questions presented and click “Finish”.
8. You’ll be taken to a screen with the header “How to Configure SAML 2.0 for {appname} Application”. NOTE: if this does not appear automatically, look for a button the right side of the screen that reads “View SAML setup instructions”. In Checkr, update the following fields using the information provided by Okta. Then click “Create” in Checkr.
   
9. Configuration complete! Now assign a Person or Group to your new Checkr application in Okta, and ask them to test signing into Checkr using Okta.

Configure SP-initiated SSO

1. Before you start, make sure you have followed the steps for IdP-initiated SSO above.
2. In Checkr, navigate to Account Settings > Single Sign On.
3. Enter an email domain into the “Email Domain” field. When users arrive at Checkr’s login screen and enter a username, only usernames that end with this domain will be redirected to your IdP for authentication.
   
4. Then click “Save” in Checkr.
5. Configuration complete! Test your SP-initiated SSO flow by instructing a user to log out of Checkr, then navigate to the Checkr login screen. When they enter a username with the email domain you configured above, the password field should disappear. Upon submitting the login form, the user should be redirected to your IdP for authentication, then back to Checkr and logged in successfully.