This is a premium product add-on and must be purchased and configured through your Account Manager.
The MANTL Console supports Single Sign-On (SSO) via the OpenId Connect (OIDC) protocol.
Financial institutions who use Okta to manage the digital identities of their employees can easily integrate the MANTL Console as an app in Okta.
This feature makes it faster for employees to adopt and log in to MANTL, while reducing whirlwind work for your IT admins.
Prerequisites
- Enabling SSO on your account will affect all your users immediately in that environment.
- When SSO is enabled, none of your users will be able to log into the MANTL Console with an email address and password, and any previous MFA settings will be ignored.
- Users that attempt to login via an email address will seamlessly redirect through Okta.
- Before adding the MANTL app in Okta, your Customer Success Manager (CSM) will provide you with a Customer ID.
- This value will be the same between UAT and Production environments.
- After you create the app in Okta for your organization, you will need to send a few pieces of information back to your CSM.
- This information includes an OAuth client ID and secret, which is sensitive. Do not email it, instead send it to your MANTL CSM via your preferred secure messaging platform.
- The client ID and secret will be different between UAT and Production environments.
- At this point, your CSM will be able to enable SSO for your organization.
- Most financial institutions will add the MANTL app in Okta twice, once each for UAT and Production environments.
- If you are planning on using both SSO and User Provisioning, you will still only add one app per environment.
Supported Features
- Service Provider Initiated Authentication Flow (SP-Init).
- Users can log in to MANTL using Okta by navigating to the MANTL Console and providing their email address.
- Identity Provider Initiated Authentication Flow (IdP-Init)
- Users can log into MANTL using Okta by clicking on the MANTL icon from their My Apps page or the Okta browser plugin.
Configuration Steps
- Acquire your Customer ID from your CSM.
- In the Okta Admin dashboard, go to Applications > Applications > Browse App Catalog.
- Search "mantl", click the found app, then click Add Integration.
- On the General settings page, set the Application label and Base URL values, then click Done.
- Production
- Application label: MANTL
- Base URL: https://console.mantl.com
- UAT
- Application label: MANTL (UAT)
- Base URL: https://console.uat.mantl.com
- Production
- Navigate to the Sign On tab, then click Edit in the Settings panel.
- Scroll down to the Advanced Sign-on Settings sub-section and set the Customer ID field to the value provided by your CSM.
- Click Save on the bottom of the Settings panel.
- Copy the Client ID, Client secret, and the URL of the OpenID Provider Metadata.
- Send the three copied values to your CSM via your preferred messaging system.
- SSO will not function until your CSM has these values and enables SSO for your tenant.
- Navigate to the Assignments tab, and assign people and/or groups to the app.
SP-Initiated SSO
It's generally quicker and more convenient for SSO users to log in to the MANTL Console by clicking on the MANTL app in the Okta My Apps page or an Okta browser plugin. However, it is still possible for these users to log in from the Console's login page. By clicking the Continue with SSO link then providing their email address, the user will be automatically redirected through Okta.
Troubleshooting
If you encounter any issues or have any questions, please contact your Account Manager.