Configuring Okta SSO with SAML


Support for SAML 2.0 will be discontinued in the near future. If you are currently using SAML 2.0, we strongly recommend planning your transition to OpenID Connect, which provides better compatibility with modern authentication standards and infrastructure. Please begin migrating as soon as possible to ensure uninterrupted service.

Configuring SAML for Encodify through Okta


Please note that all configuration in Okta should be done in the Classic UI.

Receiving the Federation Metadata

An account and an application must already exist before you can follow the instructions below. If needed, use the "How to..." instructions further down this page.

  1. Sign in to your Okta portal page using your Okta domain as the URL. (Note: the domain was generated after account creation and was sent to you in the activation email.)

  2. Click on "Admin" button

  3. Switch to Classic UI

  4. Click on "Applications" tab > Select "Applications" option

  5. Go into selected application

  6. Switch to "Sign on" tab

  7. Click on "Identity Provider metadata" link

  8. Copy URL

Receiving the Reply URL

  1. Go into selected application in Classic UI

  2. Switch to "General" tab

  3. Copy link entered into "Single Sign On URL" field in SAML Settings


Receiving the External User ID Attribute

  1. Go into selected application in Classic UI

  2. Switch to "General" tab

  3. Edit SAML Settings > Go to "Configure SAML" step

  4. In "ATTRIBUTE STATEMENTS (OPTIONAL)" section click on "Add Another" button

  5. Enter any name

  6. Enter value: user.email

  7. Proceed to the next page > Save changes

  8. Copy the name of created attribute

  9. Enter it as "External User ID Attribute" on the third step of IdP creation

How to perform access right mapping

  1. Create attributes with the corresponding names in OKTA (use the article "How to add/manage attributes in OKTA" for more information)

  2. Open selected Application > Go to Assignments tab

  3. Open Edit page of the selected person from the "People" list

  4. Enter value into the attribute field > Save changes

  5. Generate XML file for access right mapping

  6. Go to the "Access Right Mapping" step of IdP SAML configuration wizard

  7. Enter the attribute name into the "Access Right Mapping" field

  8. Import the previously generated file > Select the corresponding values from the Claim Key and Access Right Mapping drop-downs


How to perform User Groups Mapping

  1. In Okta: create a group, assign it to the selected person, and add the created group to the list of attributes (use the article "How to create/manage groups in OKTA" for more information)

  2. Generate XML file for user groups mapping

  3. Go to the "User Groups Mapping" step of IdP SAML configuration wizard

  4. Enter the attribute name into the "User Groups Mapping" field

  5. Import the previously generated file > Select the corresponding values from the Claim Key and Access Right Mapping drop-downs

How to map the attributes from OKTA to the Encodify User attributes

CASE 1: mapping of original attributes from the User Profile in OKTA

  1. Go to OKTA > Switch to Classic UI > Open created application

  2. Open the profile of the created person: Directory > People > Click on Name > Profile tab

  3. Fill in the attribute that needs to be mapped

  4. Go to the Applications > General tab > Create new attribute

  5. Go to the Encodify system > Open IdP configuration widget > Add new attribute


CASE 2: mapping of custom attributes from OKTA

  1. Create new attributes in OKTA using steps from article "How to add/manage attributes in OKTA"

  2. Go to the Encodify system > Open IdP configuration widget > Add new attribute

How to create an account in OKTA

  1. Go to https://developer.okta.com/

  2. Click on "CREATE FREE ACCOUNT" button > Fill in the form > Click on "GET STARTED" button

  3. Activate your account using the link in received email message

  4. Fill in the form

  5. Save changes

How to add new project application in OKTA

  1. Switch to the Classic UI

  2. Go to Applications tab

  3. Click on “Add Application” button

  4. Click on “Create new App” > Choose Web platform + SAML 2.0 > Create

  5. Enter value into “App name” field > Proceed to the “Configure SAML” step

  6. Use data from the screenshot below as a sample > Fill in data on the form
    OKTA2.jpg

  7. Proceed to the next screen

  8. Select “I'm a software vendor. I'd like to integrate my app with Okta” radio button

  9. Click on “Finish” button

How to create personal accounts in OKTA

  1. Click on "Directory" tab (use Classic UI) > Select "People" sub tab

  2. Click on “Add Person” button

  3. Fill in required fields

  4. Click on “Save” button

How to assign people to the corresponding application in OKTA

  1. Switch to “Applications” tab (use Classic UI)

  2. Switch to “Assignment” sub tab

  3. Click on “Assign” button > Click on “Assign to People” option

  4. Select users from the list

  5. Click on “Done” button

How to create/manage groups in OKTA

Create group:

  1. Click on "Directory" tab (use Classic UI) > Select "Groups" option

  2. Click on Add Group button > Enter group name that starts with “group” > Save changes

Assign people to the group:

  1. Click on the name of created group

  2. Click on “Manage People” button

  3. Select people that need to be added to the group > Save changes

Add created groups to the list of attributes:

  1. Switch to “Applications” tab > Enter into selected application

  2. Switch to the "General" tab > Edit SAML Settings

  3. Add group attribute to the GROUP ATTRIBUTE STATEMENTS > in Filter select Starts with “group”

  4. Save changes
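
A way to confirm the attribute statements configured above, as an added example (not Encodify or Okta code): it parses the AttributeStatement of a SAML assertion and checks the External User ID attribute and the "Starts with group" filter. The assertion is a constructed sample, and the attribute names externalUserId and groups are assumptions, since the steps allow any name.

```python
import xml.etree.ElementTree as ET

NS = {"saml2": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute names "externalUserId" and "groups" are assumptions.
SAMPLE_ASSERTION = """
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="externalUserId">
      <saml2:AttributeValue>jane.doe@example.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="groups">
      <saml2:AttributeValue>groupEditors</saml2:AttributeValue>
      <saml2:AttributeValue>groupReviewers</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""

def read_attributes(assertion_xml):
    """Return {attribute name: [values]} from every AttributeStatement."""
    root = ET.fromstring(assertion_xml.strip())
    attrs = {}
    for attr in root.iterfind(".//saml2:AttributeStatement/saml2:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml2:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs

def check_attributes(assertion_xml, user_id_attr, group_attr, group_prefix="group"):
    """List configuration problems; an empty list means the statements match."""
    # Content check only: the XML signature is not validated here, so this is
    # a configuration test on a captured assertion, not an authentication step.
    attrs = read_attributes(assertion_xml)
    problems = []
    ids = [v for v in attrs.get(user_id_attr, []) if v]
    if len(ids) != 1:
        problems.append(f"{user_id_attr}: expected one non-empty value, got {len(ids)}")
    elif "@" not in ids[0]:
        problems.append(f"{user_id_attr}: value does not look like user.email")
    if group_attr not in attrs:
        problems.append(f"{group_attr}: group attribute statement missing")
    stray = [g for g in attrs.get(group_attr, []) if not g.startswith(group_prefix)]
    if stray:
        problems.append(f"{group_attr}: values outside the '{group_prefix}' filter: {stray}")
    return problems
```

Call `check_attributes(SAMPLE_ASSERTION, "externalUserId", "groups")` with the names you entered in Okta; an empty list means both statements arrive as configured.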

How to add/manage attributes in OKTA

  1. Click on “Directory” tab (use Classic UI) > Select "Profile Editor" option

  2. Click on "Edit" button near the selected profile > Add attribute

  3. Go to “Applications” tab > Enter into selected Application

  4. Switch to "General" sub tab > Edit SAML Settings > Add attribute(s)

How to create people with Individual type by default (in OKTA)


  1. Create Groups and assign them to specific applications (use article "How to create/manage groups in OKTA" for more information)

  2. Create person (use article "How to create personal accounts in OKTA" for more information)

  3. Assign person to the application (use article "How to assign people to the corresponding application in OKTA" for more information)

  4. Only after that assign person to different Groups

How to create people with Group type by default (in OKTA)


  1. Create Groups and assign them to specific applications (use article "How to create/manage groups in OKTA" for more information)

  2. Create person (use article "How to create personal accounts in OKTA" for more information)

  3. Assign person to the Group (use article "How to create/manage groups in OKTA" for more information)

As a result, the person is automatically assigned to the same application as their group, and the person has the Group type by default.

This means that the user inherits all personal information from the profile of the group they belong to, and all user data needs to be entered on the Edit Group page.


To change user type:
Open Edit page of the user (Applications > selected application > Assignments) > Select radio button "Administrator (overrides group)" from "Assignment master" field
