Skip to main content

Single Sign-On with Okta

Request SSO access from


Only account admins can request single sign-on access for their accounts.

To kick off this process, send an email to Write that you want to set up Okta SAML SSO for Include these items in the message:

The Support team will respond with the connection information you'll need to give in Okta.

Add to Okta

In Okta, click Admin.

In the Shortcuts panel (on the right), click Add Applications.

On the left side of the window, click Create New App. The "Create a New Application Integration" panel is displayed.

Create a New Application Integration panel

Select Web from the Platform list, click SAML 2.0 option, and click Create. The Create SAML Integration page is displayed.

Set your App name to "". Click Next to continue to the Configure SAML tab.

Paste the SAML information from Support

SAML settings

Paste Single sign on URL and Audience URI from the Support email message.

Don't change Default RelayState, Name ID format, or Application username.

Attribute Statements

In the Attribute Statements section:

  • Set Name to "email"
  • Select "Unspecified" from Name format
  • Set Value to "${}"

Configure Okta to send user groups

Group Attribute Statements

In the Group Attribute Statements section:

  • Set Name to "groups"
  • Select "Unspecified" from Name format
  • Type an expression for the groups that you want to have access to in Filter value. This field can't be blank.

Zip the SAML certificate

On the right side of the page, click Download Okta Certificate.

Download the certificate file and zip it. You'll attach this zip file to your next email to the Support team.

Click Next, select I'm an Okta customer adding an internal app, and then click Finish.

Get your endpoint information

SAML setup instructions

Browse to the Sign On tab, and then click View Setup Instructions.

Copy the Identity Provider Single Sign-On URL, and paste this in the email that you'll send to the Support team.

Send your SAML details to

Draft a new email to Support, and include these items:

  • Your zipped certificate (from step 5)
  • Your Identity Provider Single Sign-On URL (from step 6)

(Optional) Restrict access to specific user groups

Add group

By default, all Okta users with access can sign in to your accounts.

You can restrict this access from the Manage users page for each of your accounts. To do this, click Add group, and then paste your group's name from Okta. Do this for each group that should have access to this account.

Receive confirmation from Support

When Support has created your Okta + connection, you're done! You can start logging in to through your Apps portal.