Okta SSO

Configuring Single Sign-On (SSO) in Okta for Authorium enables centralized identity management and secure access control. This guide walks you through setting up and configuring the integration.


Prerequisites

  • Administrator access to the customer’s Okta instance
  • Administrator access to Authorium
  • SSL certificates for SAML signing
  • Understanding of SAML assertion requirements

Configure Okta (Identity Provider Side)

Step 1: Create a New SAML Application

  1. Log in to Okta Admin Console
  2. Navigate to Applications > Applications
  3. Click Create App Integration
  4. Select SAML 2.0 as the Sign-in method
  5. Click Next

Step 2: Configure SAML Settings

General Settings

  • App name: Authorium
  • App logo (optional)

Configure SAML Integration

  • Single Sign-On URL (ACS URL):
    https://app.authorium.com/users/auth/saml/callback
  • Audience URI (Entity ID):
    https://app.authorium.com/auth/saml
  • Default RelayState (optional)
  • Name ID format: Email Address
  • Application username: Email
  • Single Logout URL:
    https://app.authorium.com/users/auth/saml/single_log_out

Advanced Settings

  • Response: Signed
  • Assertion: Signed
  • Authentication context class: PasswordProtectedTransport
  • Enable Single Logout: Checked

Configure Attribute Statements (if required)

Attribute     Value
Email         user.email
First Name    user.firstName
Last Name     user.lastName

Additional attributes as needed

Step 3: Download SAML Documentation

Collect and save the following from Okta for Part 2:

  • Identity Provider Single Sign-On URL
  • Identity Provider Single Logout URL
  • Identity Provider Issuer
  • X.509 Certificate
  • Federation Metadata XML file
    Save the Federation Metadata XML as a .txt file for upload to Authorium.

Configure Authorium (Service Provider Side)

Step 1: Access SAML Configuration

  1. Navigate to Authorium.
  2. Sign in with your administrator account.
  3. Select the appropriate Organization.
  4. Click the kebab menu to the right of the Organization name.
  5. Navigate to Internal Authentication.
  6. Select Single Sign-On.
  7. For Identity Provider, select Okta.
  8. For Authentication Protocol, select SAML.

Step 2: Enter SAML Configuration

Upload or enter the following fields:

  • Federation Metadata XML: Upload the XML file (must be .txt format as of 01/30/2025)
  • SAML Certificate: Copy the X.509 certificate from Okta
  • SAML Sign-On Endpoint: Enter the IdP SSO URL
  • SAML Log-out Endpoint: Enter the IdP SLO URL
  • SAML Issuer: Enter the IdP Issuer URI

Step 3: Verify Configuration

Ensure the following Service Provider endpoints are correctly configured:

  • ACS URL: https://app.authorium.com/users/auth/saml/callback
  • Single Logout URL: https://app.authorium.com/users/auth/saml/single_log_out
  • Entity ID: https://app.authorium.com/auth/saml

Testing the Integration

Step 1: Test Log In

  • Identify who on the call is part of the group policy and day-to-day platform users
  • Create Authorium membership for one user in the customer’s Okta group policy
  • Send the invite link and ask the user to attempt login during the call
  • If successful, the integration should work for all users in the group policy
  • If unsuccessful, proceed to Troubleshooting

Step 2: Test Log Out

  • Initiate logout from Authorium
  • Verify logout success from both Authorium and Okta
  • Confirm redirect to the appropriate post-logout destination

Step 3: Confirm Certificate Expiry Date

Email the certificate expiry date to support@authorium.com so that it can be kept on file.

Troubleshooting

Common Issues and Solutions

Certificate Issues

  • Verify the certificate is in Base64-encoded X.509 format
  • Check certificate expiration dates
  • Ensure certificate is copied without extra spaces
  • Federation Metadata XML must be uploaded as a .TXT file for proper ingestion

URL Mismatch

  • Confirm all URLs exactly match between IdP and SP
  • Check for proper URL encoding
  • Verify correct HTTP/HTTPS protocols
  • Do not include the https:// prefix in the customer's domain entry

User Attribute Issues

  • Verify attribute mapping configuration
  • Check SAML response for correct attribute formats
  • Confirm required attributes are included in the response
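
As an added example (not Authorium or Okta code), the following Python checks a captured, base64-encoded SAMLResponse against the URL Mismatch and User Attribute Issues items above. It assumes the attribute names in the table are sent as the Attribute Name values; `lint_saml_response` and `sample_response` are hypothetical helper names, the sample response is constructed, and signatures are checked for presence only, not verified.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Service Provider values from this guide.
ACS_URL = "https://app.authorium.com/users/auth/saml/callback"
ENTITY_ID = "https://app.authorium.com/auth/saml"
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
# Assumption: the table's attribute names are sent as the Attribute Name values.
REQUIRED_ATTRS = {"Email", "First Name", "Last Name"}


def lint_saml_response(b64_response):
    """List configuration problems in a base64 SAMLResponse (no signature verification)."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != ACS_URL:
        problems.append(f"Destination {root.get('Destination')!r} does not match ACS URL")
    if root.find("ds:Signature", NS) is None:
        problems.append("Response is not signed")
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion found"]
    if assertion.find("ds:Signature", NS) is None:
        problems.append("Assertion is not signed")
    audiences = [e.text.strip() for e in assertion.iterfind(".//a:Audience", NS) if e.text]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} does not include the Entity ID")
    name_id = assertion.find("a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID format is not emailAddress")
    sent = {e.get("Name") for e in assertion.iterfind(".//a:Attribute", NS)}
    problems += [f"missing attribute {n!r}" for n in sorted(REQUIRED_ATTRS - sent)]
    return problems


def sample_response(destination=ACS_URL, attrs=("Email", "First Name", "Last Name")):
    """Constructed sample with empty Signature elements; not real Okta output."""
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>'
    attrs_xml = "".join(f'<a:Attribute Name="{n}"/>' for n in attrs)
    xml = (
        f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}" Destination="{destination}">'
        f'{sig}<a:Assertion>{sig}<a:Subject><a:NameID Format="{EMAIL_FORMAT}">'
        f'user@example.com</a:NameID></a:Subject><a:Conditions><a:AudienceRestriction>'
        f'<a:Audience>{ENTITY_ID}</a:Audience></a:AudienceRestriction></a:Conditions>'
        f'<a:AttributeStatement>{attrs_xml}</a:AttributeStatement></a:Assertion></p:Response>'
    )
    return base64.b64encode(xml.encode()).decode()
```

Pass the `SAMLResponse` form value captured from a test login to `lint_saml_response`; an empty list means the response matches the settings in this guide.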