home

Advantage Platform Administration

Adobe Sign ServicesAdvantage Platform AdministrationApprovals for Advantage PlatformApprovals for SalesforceBilling for Advantage PlatformBilling for SalesforceCLM for Advantage PlatformCLM for SalesforceContracts for SalesforceCollaborateComposer for Advantage PlatformComposer for SalesforceContractsConga for Google DocsConga Upgrade ProgramContract Intelligence (Standalone)CPQ for Advantage PlatformCPQ for SalesforceDeal MaximizerDigital Commerce for Advantage PlatformDigital Commerce for SalesforceDiscovery AI for Advantage PlatformDiscovery AI for SalesforceDocusign ServiceseSignature Integration with Advantage PlatformGridInvoice GenerationMix FormsOrchestrateOrder Management for Advantage PlatformOrder Management for SalesforcePartner Commerce for Advantage PlatformPartner Commerce for SalesforceQuote GenerationSign for Advantage PlatformSign for SalesforceSmart SearchTurboEnginesX-Author for Contracts 1.0 (Classic)X-Author for ContractsX-Author for Contracts Advanced for Advantage PlatformX-Author for Contracts Advanced for SalesforceX-Author for ExcelX-Author for Migration ManagerRelease NotesGeneral
Adobe Sign ServicesAdvantage Platform AdministrationApprovals for Advantage PlatformApprovals for SalesforceBilling for Advantage PlatformBilling for SalesforceCLM for Advantage PlatformCLM for SalesforceContracts for SalesforceCollaborateComposer for Advantage PlatformComposer for SalesforceContractsConga for Google DocsConga Upgrade ProgramContract Intelligence (Standalone)CPQ for Advantage PlatformCPQ for SalesforceDeal MaximizerDigital Commerce for Advantage PlatformDigital Commerce for SalesforceDiscovery AI for Advantage PlatformDiscovery AI for SalesforceDocusign ServiceseSignature Integration with Advantage PlatformGridInvoice GenerationMix FormsOrchestrateOrder Management for Advantage PlatformOrder Management for SalesforcePartner Commerce for Advantage PlatformPartner Commerce for SalesforceQuote GenerationSign for Advantage PlatformSign for SalesforceSmart SearchTurboEnginesX-Author for Contracts 1.0 (Classic)X-Author for ContractsX-Author for Contracts Advanced for Advantage PlatformX-Author for Contracts Advanced for SalesforceX-Author for ExcelX-Author for Migration ManagerRelease NotesGeneral

Conga Product Documentation

Welcome to the new doc site. Some of your old bookmarks will no longer work. Please use the search bar to find your desired topic.

Show Contents

Show Page Sections

Advantage Platform Administration

Adding SAML 2.0 Identity Provider

download

Okta as a SAML Identity Provider

To integrate Okta as a SAML 2.0 identity provider, you must create an app in Okta to enable trust with the service provider (Conga Auth Service). After creating an app, you need external_organization_id, Metadata Location URL, and Organization ID Claim Type details.

Step 1: Create an app in Okta

  1. Log in to Okta.
  2. In the Admin Console, go to Applications > Applications.
  3. Click Create App Integration.
  4. Select SAML 2.0 as the sign-in method.
  5. Click Next.
  6. Provide the general information for the integration and then click Next.
  7. In the General section, enter and select details for the following:
    1. Enter the following Assertion Consumer Service URL (ACS Endpoint) per your region-specific environment and check Use this for the recipient URL and destination URL checkboxes.

      Preview environment:

      NA: https://login-rlspreview.congacloud.com/api/v1/auth/Saml2/Acs

      EU: https://login-preview.congacloud.eu/api/v1/auth/Saml2/Acs

      AU: https://login-preview.congacloud.au/api/v1/auth/Saml2/Acs

      Production environment:

      NA: https://login-rls.congacloud.com/api/v1/auth/ Saml2/Acs

      EU: https://login.congacloud.eu/api/v1/auth/Saml2/Acs

      AU: https://login.congacloud.au/api/v1/auth/Saml2/Acs

    2. Enter the Conga Platform Auth endpoint in the Audience URI (SP Entity ID) field.

      Preview environment:

      NA: https://login-rlspreview.congacloud.com/api/v1/auth

      EU: https://login-preview.congacloud.eu/api/v1/auth

      AU: https://login-preview.congacloud.au/api/v1/auth

      Production environment:

      NA: https://login-rls.congacloud.com/api/v1/auth

      EU: https://login.congacloud.eu/api/v1/auth

      AU: https://login.congacloud.au/api/v1/auth

    3. Select the email address option for the name ID format field.
  8. In the Advanced Settings section, configure the following details:
    1. Attribute Statements: Enter external_organization_id in the Name field and the unique value that is used as an external ID while configuring Okta as a SAML identity provider.
    2. SAML Request: Click Browse files... and upload the signature certificate file (.CER file format). To generate the signature certificate:
      1. You can download the service provider metadata file either using the following URL per your environment or from the Add New External Integration screen > Download SP Metadata File button. (refer to Step 3):

        Preview environment:

        NA: https://login-rlspreview.congacloud.com/api/v1/auth/Saml2

        EU: https://login-preview.congacloud.eu/api/v1/auth/Saml2

        AU: https://login-preview.congacloud.au/api/v1/auth/Saml2

        Production environment:

        NA: https://login-rls.congacloud.com/api/v1/auth/Saml2

        EU: https://login.congacloud.eu/api/v1/auth/Saml2

        AU: https://login.congacloud.au/api/v1/auth/Saml2

      2. Open the metadata XML file and go to the Base64-formatted X.509 certificate tag.
      3. Convert the Base64 to .CER format using this online tool.
      4. Copy the generated X.509 certificate with the header and save it with the .CER file extension.
    3. Log Out: Select and enter details for the following:
      1. SLO Initiation: Check the Allow app to initiate single logout checkbox.
      2. Response URL: Use the following URL per your region-specific environment:

        Preview environment:

        NA: https://login-rlspreview.congacloud.com/api/v1/auth/account/SamlLogout

        EU: https://login-preview.congacloud.eu/api/v1/auth/account/SamlLogout

        AU: https://login-preview.congacloud.au/api/v1/auth/account/SamlLogout

        Production environment:

        NA: https://login-rls.congacloud.com/api/v1/auth/account/SamlLogout

        EU: https://login.congacloud.eu/api/v1/auth/account/SamlLogout

        AU: https://login.congacloud.au/api/v1/auth/account/SamlLogout

      3. SP Issuer: Use the following URL per your region-specific environment:

        Preview environment:

        NA: https://login-rlspreview.congacloud.com/api/v1/auth

        EU: https://login-preview.congacloud.eu/api/v1/auth

        AU: https://login-preview.congacloud.au/api/v1/auth

        Production environment:

        NA: https://login-rls.congacloud.com/api/v1/auth

        EU: https://login.congacloud.eu/api/v1/auth

        AU: https://login.congacloud.au/api/v1/auth

  9. Click Save.

Step 2: Get the external_organization_id, Metadata Location URL, and Organization ID Claim Type details

  1. Go to the application configured for authentication.
  2. Open the Sign On tab and go to the SAML 2.0 section.
  3. Copy and save the Metadata URL value for use as a Metadata Location URL.


  4. Open the General tab and go to the Attribute Statements section.
  5. Copy and save the external_organization_id value for use as an External ID.


Step 3: Add Okta as an external integration

  1. Log in to the Conga Advantage Platform as an admin user.
  2. Click the App Launcher () icon from the top-left corner > Admin Console > Organization.
  3. Go to the External Integrations tab.
  4. Click Add New and choose the SAML 2.0 from the list.
    The Add New External Integration screen appears.
  5. Enter values in the following fields as per your SAML 2.0 external integration:

    Field

    Description

    Download SP Metadata File

    Click this button to download the SP metadata file that can be utilized in Step 1.

    Choose IDP Metadata Setup

    You can either enter the metadata location URL or upload the XML file.

    • URL Input: Select this option and enter the Metadata URL that you copied in Step 2.
    • XML File Upload: Select this option and upload your metadata XML file.

    External Organization ID

    Enter the externl_organization_id value that you copied in Step 2.

    Type

    Enter the type of this integration. It is a free-form text field. You can add types such as Dev, QA, UAT, Prod, etc.

    Organization ID Claim Type

    Leave this field blank.

    Description

    Add the description.

    Email Domain

    Enter the email domain you want to associate with designated IdP. It can be added for administrative purposes.

    Display Name

    Enter the display name for the identity provider.

    Default IDP

    Enable the toggle to make it a Default External Integration IdP.

    A user will be created for the external integration set as the Default IdP for the organization. For example, if you have set Okta, a SAML Identity Provider, as the Default IdP, all the new users will be created with the Okta IdP.

  6. Click Save.
Review step 4 if you want to configure the Single Sign-On (IdP-initiated flow).
Note:

Users should only use the IDP-initiated flow to log in to the platform after they have been explicitly onboarded through the Platform Admin Console.

You can edit the external integration. Perform the following steps to edit the existing external integration:

  1. Click the More () icon and select Edit.

  2. Update the Choose IDP Metadata Setup, External Organization ID, Type, Description, Email Domain, Display Name, and Default IDP fields per your business needs.

    Note: You should change the External Organization ID if the Single Sign-On (SSO) external ID changes.

Step 4: Configure Single Sign-On (IdP-initiated flow)

  1. Log in to Okta.
  2. In the Admin Console, go to Applications > Applications.
  3. Select the application configured for authentication.
  4. Open the General tab and go to the Attribute Statements section.
  5. Add the following attribute details as per your environment:

    Attribute

    Details

    redirect_uri

    Enter the Conga Advantage Platform App Url where the user should be redirected after authentication. Use the following URL per your environment:

    client_id

    The SPA Client ID for logging in. Use the following client ID per your environment:

    • Preview Environment:

      NA: rls-preview-spa

      EU: rls-previeweu-spa

      AU: rls-previewau-spa

    • Production Environment:

      NA: rls-prod-spa

      EU: rls-prodeu-spa

      AU: rls-prodau-spa

  6. Click Save.
Administrator Guide
Conga Advantage Platform Administration

May 5, 2025