> ## Documentation Index
> Fetch the complete documentation index at: https://help.statisfy.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Setting Up Okta SSO With Statisfy

> Configure Okta Single Sign-On (SSO) for secure, centralized access to Statisfy.

By setting this up, users will be able to log in using their existing Okta credentials, ensuring secure, centralized, and simplified access management.

### Prerequisites

Before you begin, make sure you have:

* **Access to Okta Admin Console** with permissions to configure applications.

* **SAML configuration details:** Ability to configure SAML SSO settings within your application. This will be provided to you during onboarding.

### Step 1: Add Statisfy as a SAML App in Okta

1. **Log in to Okta Admin Console**:

   * Navigate to your Okta admin dashboard at [https://YOUR\_OKTA\_DOMAIN.okta.com/admin](https://YOUR_OKTA_DOMAIN.okta.com/admin)

2. **Create a New Application Integration**:

   * From the left sidebar, select **Applications**.

   * Click on **Applications** again, then click **Create App Integration**.

3. **Choose SAML 2.0 as the Sign-in Method**:

   * In the **Create a new app integration** dialog, select **SAML 2.0**.

   * Click **Next**.

### Step 2: Configure SAML Settings in Okta

1. **General Settings**

   * **App Name**: `Statisfy`

   * (Optional) Upload Statisfy's logo for easier identification

   * Click **Next**

2. **SAML Settings**

   * **Single Sign-On URL**:

     * Enter the *Assertion Consumer Service (ACS) URL provided*. This is where Okta will send authentication responses.

     * Value: `<sso-url>` (Reach out to your CSMs to get this URL)

   * **Audience URI (SP Entity ID)**:

     * Enter the *Service Provider Entity ID provided*.

     * Value: `<audience-url>` (Reach out to your CSMs to get this URL)

   * **Name ID Format**:

     * Choose **EmailAddress** unless specified otherwise by your application.

   * **Application Username**:

     * Select **Email**.

3. **Attribute Statements (Optional)**:

   * If your application requires additional user attributes, add them here:

     * **firstName**: user.firstName

     * **lastName**: user.lastName

     * **email**: user.email

4. **Group Attribute Statements (Optional)**:

   * To send group information, add:

     * **groups**: Matches regex .\* (or as required by your application)

5. **Response Signature**:

   * Ensure that the SAML Response or Assertion is signed, as required by your application.

   * Choose the appropriate signature algorithm (typically **SHA-256**).

6. **Advanced Settings (if required)**:

   * If your application provides specific requirements for the **Response Binding**, **Authentication Context Class**, or other advanced settings, configure them here.

7. **Finish Configuration**:

   * Click **Next**.

   * On the feedback page, select **I'm an Okta customer adding an internal app**.

   * Click **Finish**.

### Step 3: Assign Users to Statisfy

1. **Navigate to the Application**:

   * Go to **Applications** > **Applications**.

   * Click on the application you just created.

2. **Assign Users or Groups**:

   * Select the **Assignments** tab.

   * Click **Assign** and choose **Assign to People** or **Assign to Groups**.

   * Select the users or groups that need access to your application.

   * For each assignment, click **Save and Go Back**, then **Done**.

### Step 4: **Obtain Okta Identity Provider (IdP) Metadata**

1. **Navigate to the Sign On Tab**:

   * In your application's page within Okta, click on the **Sign On** tab.

2. **View SAML Setup Instructions**:

   * Click **View SAML setup instructions**. This will open a new page containing the SAML configuration details.

3. **Download or Copy Metadata**:

   * Locate the **Identity Provider metadata** link.

   * Download the metadata XML file or copy the metadata URL.

### Step 5: Complete SSO Setup in Statisfy

1. **Provide the metadata URL to statisfy implementation specialists.**

2. **Set Up Attribute Mapping (if required)**:

   * User ID - id

   * Email address - mail

   * First Name : firstName

   * Last Name : lastName

### Step 6: Test the Integration

1. **Initiate an SSO Login**:

   * From a new browser session, navigate to your application's login page.

   * Click on the option to log in using SSO or select **Login with Okta** if available.

2. **Authenticate via Okta**:

   * You should be redirected to the Okta login page.

   * Enter your Okta credentials.

3. **Verify Access to Your Application**:

   * After successful authentication, you should be redirected back to your application and granted access.

4. **Test IdP-Initiated Login (Optional)**:

   * From the Okta dashboard, click on the application tile to initiate login.

   * Verify that you are logged into your application without needing to enter additional credentials.

### Troubleshooting Tips

* **Authentication Errors**:

  * Double-check that the **ACS URL** and **Entity ID** are identical in both Okta and your application.

  * Ensure that the **Name ID Format** and **Application Username** settings match your application's requirements.

* **Attribute Mapping Issues**:

  * Verify that all required user attributes are correctly mapped and that the users have these attributes populated in Okta.

* **Certificate Issues**:

  * Ensure that the X.509 certificate from Okta is correctly uploaded into your application's SAML settings.

* **Time Synchronization**:

  * Confirm that the system clocks on both Okta and your application servers are synchronized to prevent timing issues with SAML assertions.

### Need Help?

If you encounter any issues during the setup process, please reach out to:

* **Support Team**: [support@statisfy.com](mailto:support@statisfy.com).

* **Okta Support**: Access support via your Okta admin dashboard or visit [support.okta.com](https://support.okta.com).