Okta SAML

Step-by-step guide to configure Single Sign-on with Okta as the Identity Provider.

1. Create Enterprise Application

Login to your Okta Admin Console. Go to Applications→ Applications.

Locate Applications

In the Applications tab, click on Create App Integration.

Click on Create App Integration

Choose SAML 2.0, and click on Next.

Select SAML 2.0

Give your app a name, choose your app visibility settings, and click on Next.

General Settings for SAML integration

2. SAML Configuration

Copy the SSO URL from the SSO Configuration Portal. Paste this link in the space for SSO URL on the Okta Admin Console.

Copy SSO URL on Configuration Portal

Paste SSO URL on Okta Admin Console

Similarly, copy the Audience URI (SP Entity ID) from the SSO Configuration Portal, and paste it in your Okta Admin Console in the space for Audience URI.

Copy Audience URI on SSO Configuration Portal

Paste Audience URI on Okta Admin Console

You can leave the Default Relay State as blank. Similarly, select your preferences for the Name ID format, Application Username, and Update application username on fields.

Selecting preferences on Okta Admin Console

3. Attribute Mapping

Check the Attribute Mapping section in the SSO Configuration Portal, and carefully map the same attributes on your Okta Admin Console.

Attribute mapping on SSO Configuration Portal

Attribute mapping on Okta Admin Console

4. Assign User/Group

Go to the Assignments tab.

Locate Assignments tab

Click on Assign on the top navigation bar, select Assign to People/Groups.

Select Assign to People or Groups

Click on Assign next to the people you want to assign it to. Click on Save and Go Back, and click on Done.

Assign specific individuals or groups to app

5. Finalize App

Preview your SAML Assertion generated, and click on Next.

Preview SAML Assertion

Fill the feedback form, and click on Finish once done.

Feedback form after configuring SAML

6. Upload IdP Metadata URL

On the Sign On tab copy the Metadata URL from the Metadata Details section on Okta Admin Console.

Copy Metadata URL from Okta Admin Console

Under Identify Provider Configuration, select Configure using Metadata URL, and paste it under App Federation Metadata URL on the SSO Configuration Portal.

Paste Metadata URL on SSO Configuration Portal

7. Test Connection

Click on Test Connection. If everything is done correctly, you will see a Success response as shown below.

If the connection fails, you’ll see an error, the reason for the error, and a way to solve that error right on the screen.

Test SSO configuration

8. Enable connection

Click on Enable Connection. This will let all your selected users login to the new application via your Okta SSO.

Enable SSO on Okta Admin Console

With this, we are done configuring your Okta application for an SSO login setup.