Setting Up Okta SSO with Statisfy

Once this is set up, users will be able to log in using their existing Okta credentials, ensuring secure, centralised, and simplified access management.

Prerequisites

Before you begin, make sure you have:
  • Access to Okta Admin Console with permissions to configure applications.
  • SAML configuration details: the ability to configure SAML SSO settings within your application. These details will be provided to you during onboarding.

Step 1: Add Statisfy as a SAML App in Okta

  1. Log in to the Okta Admin Console.
  2. Create a New Application Integration:
    • From the left sidebar, select Applications.
    • Click on Applications again, then click Create App Integration.
  3. Choose SAML 2.0 as the Sign-in Method:
    • In the Create a new app integration dialogue, select SAML 2.0.
    • Click Next.

Step 2: Configure SAML Settings in Okta

  1. General Settings
    • App Name: Statisfy
    • (Optional) Upload Statisfy’s logo for easier identification
    • Click Next
  2. SAML Settings
    • Single Sign-On URL:
      • Enter the Assertion Consumer Service (ACS) URL provided. This is where Okta will send authentication responses.
      • Value: <sso-url> (Reach out to your CSMs to get this URL)
    • Audience URI (SP Entity ID):
      • Enter the Service Provider Entity ID provided.
      • Value: <audience-url> (Reach out to your CSMs to get this URL)
    • Name ID Format:
      • Choose EmailAddress unless specified otherwise by your application.
    • Application Username:
      • Select Email.
  3. Attribute Statements (Optional):
    • If your application requires additional user attributes, add them here:
      • firstName: user.firstName
      • lastName: user.lastName
      • email: user.email
  4. Group Attribute Statements (Optional):
    • To send group information, add:
      • groups: Matches regex .* (or as required by your application)
  5. Response Signature:
    • Ensure that the SAML Response or Assertion is signed, as required by your application.
    • Choose the appropriate signature algorithm (typically SHA-256).
  6. Advanced Settings (if required):
    • If your application provides specific requirements for the Response Binding, Authentication Context Class, or other advanced settings, configure them here.
  7. Finish Configuration:
    • Click Next.
    • On the feedback page, select I’m an Okta customer adding an internal app.
    • Click Finish.

Step 3: Assign Users to Statisfy

  1. Navigate to the Application:
    • Go to Applications > Applications.
    • Click on the application you just created.
  2. Assign Users or Groups:
    • Select the Assignments tab.
    • Click Assign and choose Assign to People or Assign to Groups.
    • Select the users or groups that need access to your application.
    • For each assignment, click Save and Go Back, then Done.

Step 4: Obtain Okta Identity Provider (IdP) Metadata

  1. Navigate to the Sign On Tab:
    • In your application’s page within Okta, click on the Sign On tab.
  2. View SAML Setup Instructions:
    • Click View SAML setup instructions. This will open a new page containing the SAML configuration details.
  3. Download or Copy Metadata:
    • Locate the Identity Provider metadata link.
    • Download the metadata XML file or copy the metadata URL.

Step 5: Complete SSO Setup in Statisfy

  1. Provide the metadata URL to the Statisfy implementation specialists.
  2. Set Up Attribute Mapping (if required):
    • User ID: id
    • Email address: mail
    • First Name: firstName
    • Last Name: lastName

Step 6: Test the Integration

  1. Initiate an SSO Login:
    • From a new browser session, navigate to your application’s login page.
    • Click on the option to log in using SSO or select Login with Okta if available.
  2. Authenticate via Okta:
    • You should be redirected to the Okta login page.
    • Enter your Okta credentials.
  3. Verify Access to Your Application:
    • After successful authentication, you should be redirected back to your application and granted access.
  4. Test IdP-Initiated Login (Optional):
    • From the Okta dashboard, click on the application tile to initiate login.
    • Verify that you are logged into your application without needing to enter additional credentials.

Troubleshooting Tips

  • Authentication Errors:
    • Double-check that the ACS URL and Entity ID are identical in both Okta and your application.
    • Ensure that the Name ID Format and Application Username settings match your application’s requirements.
  • Attribute Mapping Issues:
    • Verify that all required user attributes are correctly mapped and that the users have these attributes populated in Okta.
  • Certificate Issues:
    • Ensure that the X.509 certificate from Okta is correctly uploaded into your application’s SAML settings.
  • Time Synchronisation:
    • Confirm that the system clocks on both Okta and your application servers are synchronised to prevent timing issues with SAML assertions.
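
The tips above can be checked against a captured SAMLResponse form value, for example one copied from the browser's network tab during a test login. The script below is an added example, not Statisfy or Okta code. It is a diagnostic only and does not verify the XML signature; the function names, the two-minute skew allowance and the sample response are assumptions constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def _ts(value):
    # SAML instants are UTC, e.g. 2024-05-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_response(b64_response, acs_url, audience, now, skew=timedelta(minutes=2)):
    """Return configuration problems found in a captured SAMLResponse.
    `now` must be timezone-aware. Diagnostic only: no signature verification."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination != ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no plaintext Assertion"]
    if assertion.findtext(".//saml:Audience", namespaces=NS) != audience:
        problems.append("Audience != SP Entity ID")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID is not EmailAddress format")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not cond.get("NotBefore") or not cond.get("NotOnOrAfter"):
        problems.append("Conditions validity window missing")
    elif now + skew < _ts(cond.get("NotBefore")):
        problems.append("not yet valid: check clock sync")
    elif now - skew >= _ts(cond.get("NotOnOrAfter")):
        problems.append("expired: check clock sync")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        problems.append("neither Response nor Assertion is signed")
    return problems

def sample_response(destination, audience, not_before, not_after, signed=True):
    # Constructed sample, not a real Okta response; the Signature element is an empty stub.
    sig = '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>' if signed else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'Destination="{destination}"><saml:Assertion>{sig}<saml:Subject>'
           f'<saml:NameID Format="{EMAIL_FORMAT}">user@example.test</saml:NameID></saml:Subject>'
           f'<saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_after}">'
           f'<saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
           f'</saml:AudienceRestriction></saml:Conditions></saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

Pass the ACS URL and Audience URI exactly as entered in Okta. An empty list means the response matches the settings described in Step 2.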

Need Help?

If you encounter any issues during the setup process, please reach out to: