Okta Configuration Guide

How to configure SAML 2.0 for RethinkCare

Read this before you enable SAML

Enabling SAML affects all your employees who use RethinkCare application. Users won’t be able to sign in through their regular sign-in page. They are able to access RethinkCare app through the Okta service.

Prerequisites

When using SAML as the SSO mode with provisioning, you need to enable a specific account plan on the application side for silent activation.

Supported features

IdP-initiated SSO (through Third-party Initiated Login)
Just-In-Time provisioning

For more information on the listed features, visit the Okta Glossary.

Supported features

Create users
Update user attributes (contact support)

Okta can’t update user attributes for Admin users. This is an API limitation.

For more information on the listed features, visit the Okta Glossary.

Backup URL

RethinkCare doesn’t provide a backup sign-in URL where users can sign in using their regular username and password. If necessary, contact Support ([email protected]) to turn off SAML.

Configuration steps (option 1)

Copy the Metadata URL from the Okta Admin Console, SAML 2.0 Sign on methods section.
Contact the RethinkCare support team (for example, [email protected]) and request that they enable SAML 2.0 for your account. Include the “Metadata URL” value from the previous step. The RethinkCare support team processes your request.
Your SAML configuration for RethinkCare is complete. You can start assigning people to the application.

Note

Ensure that you entered the correct value in the “Subdomain” field under the General tab. The wrong subdomain value prevents you from authenticating through SAML to .
Since only SP-initiated flow is supported, Okta recommends hiding the application icon for users.
The following SAML attributes are supported:

Name	Value
email	user.email
firstName	user.firstName
lastName	user.lastName

Note

The External ID is a required attribute, but it doesn’t have a default mapping. This is because some customers prefer to set it to EmployeeNumber, and others like to set it to emailAddress. Assign the mapping to the correct value for your organization.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	1 year	The cookie is set by the GDPR Cookie Consent plugin to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
cookielawinfo-checkbox-non-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Non-necessary" category .
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gd_session	4 hours	This cookie is used for collecting information on users visit to the website. It collects data such as total number of visits, average time spent on the website and the pages loaded.
_gd_svisitor	2 years	This cookie is set by the Google Analytics. This cookie is used for tracking the signup commissions via affiliate program.
_gd_visitor	2 years	This cookie is used for collecting information on the users visit such as number of visits, average time spent on the website and the pages loaded for displaying targeted ads.

Cookie	Duration	Description
__lc_cid	2 years	This is an essential cookie for the website live chat box to function properly.
__lc_cst	2 years	This cookie is used for the website live chat box to function properly.
__oauth_redirect_detector	past	This cookie is used to recognize the visitors using live chat at different times inorder to optimize the chat-box functionality.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Cookie	Duration	Description
_an_uid	7 days	No description available.
6suuid	2 years	No description available.
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description