Single Sign-On Configuration — Okta

1. Create a New App Integration in Okta

  1. Log in to your Okta Admin Console.
  2. Go to Applications → Applications.
  3. Click Create App Integration (or Add Application → Create New App).
  4. Choose the protocol: SAML 2.0, then click Next.
  5. Fill in the General Settings:
    • Name: e.g., Zenity-SSO

2. Configure the SAML Settings

In the SAML Settings screen, enter the following:

Single Sign-On URL (ACS URL)

  • EU Hosting Region:
    https://zenity-prod.eu.auth0.com/login/callback?<account-name>-saml-okta
  • US Hosting Region:
    https://zenity-prod-us-1.us.auth0.com/login/callback?<account-name>-saml-okta

Audience URI (SP Entity ID)

  • EU Hosting Region:
    urn:auth0:zenity-prod:<account-name>-saml-okta
  • US Hosting Region:
    urn:auth0:zenity-prod-us-1:<account-name>-saml-okta

Additional Settings

  • Check Use this for Recipient URL and Destination URL if applicable.
  • Set the Name ID format to EmailAddress.
  • Set Application username to Okta username (or as required).

Configure Attribute Statements

  Attribute Name    Value
  email             user.email
  name              user.firstName + " " + user.lastName

After completing the fields, click Next → Finish.


3. Assign the Application to Users or Groups

  1. Go to the Assignments tab in your new app.
  2. Click Assign → Assign to People (or Groups).
  3. Select the users or groups that should have access.
  4. Save the assignments and confirm that users can see the app in their Okta dashboard.

4. Collect Metadata and Certificates for the Service Provider

  1. Open the app’s Sign On tab and click View Setup Instructions (for SAML).
  2. Copy the following:
    • Identity Provider SSO URL
    • X.509 Certificate (Base64)
  3. Provide these details to your Service Provider.
  4. If requested, download the metadata XML from Okta.

5. Test the SSO Integration

  1. As an assigned user, attempt to log in to the app via Okta.
  2. Verify successful redirection and authentication.
  3. If issues arise, check for:
    • Incorrect Redirect or ACS URLs
    • Missing user assignments
    • Invalid or expired certificates
    • Name ID format mismatches
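
When a test login fails, a Base64-decoded SAML response (for example, captured with the browser's developer tools) can be compared against the values entered in step 2. The following is an added example, not code from Zenity or Okta: it checks the Destination, Recipient, Audience, Name ID format and attribute statements, and does not validate the signature or certificate. The account name "acme" and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FMT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Tenant name and host per hosting region, taken from the ACS URL / Audience URI in step 2.
TENANTS = {"EU": ("zenity-prod", "zenity-prod.eu.auth0.com"),
           "US": ("zenity-prod-us-1", "zenity-prod-us-1.us.auth0.com")}

def expected_values(region, account):
    """Build the ACS URL and Audience URI exactly as written in step 2."""
    tenant, host = TENANTS[region]
    conn = f"{account}-saml-okta"
    return (f"https://{host}/login/callback?{conn}", f"urn:auth0:{tenant}:{conn}")

def check_response(xml_text, region, account):
    """Return a list of mismatches between a decoded SAML response and step 2."""
    acs, audience = expected_values(region, account)
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs:
        problems.append("Destination does not match ACS URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs:
        problems.append("Recipient does not match ACS URL")
    aud = root.find(".//a:Audience", NS)
    if aud is None or (aud.text or "").strip() != audience:
        problems.append("Audience does not match SP Entity ID")
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FMT:
        problems.append("NameID format is not EmailAddress")
    names = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    for required in ("email", "name"):
        if required not in names:
            problems.append(f"missing attribute statement: {required}")
    return problems

# Constructed sample (not a real response): EU region, account "acme",
# with the NameID format left as "unspecified" and no "name" attribute.
SAMPLE = """<p:Response xmlns:p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:a="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://zenity-prod.eu.auth0.com/login/callback?acme-saml-okta">
 <a:Assertion><a:Subject>
  <a:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">u@acme.example</a:NameID>
  <a:SubjectConfirmation><a:SubjectConfirmationData
   Recipient="https://zenity-prod.eu.auth0.com/login/callback?acme-saml-okta"/></a:SubjectConfirmation>
 </a:Subject>
 <a:Conditions><a:AudienceRestriction><a:Audience>urn:auth0:zenity-prod:acme-saml-okta</a:Audience></a:AudienceRestriction></a:Conditions>
 <a:AttributeStatement><a:Attribute Name="email"/></a:AttributeStatement>
 </a:Assertion></p:Response>"""
```

Calling `check_response(SAMPLE, "EU", "acme")` reports the Name ID format mismatch and the missing `name` attribute; an empty list means the response agrees with the configured values.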