To enable Okta Single Sign-On (SSO) for your organization, we'll work together to configure the integration. This document outlines what information we'll provide and what steps your team needs to complete.
What We'll Provide
Our team will send you the following information needed to configure our application in your Okta admin application:
What Your IT Team Needs to Do
Step 1: Configure Our Application in Okta
Your IT administrator will need to add our application to your Okta instance and configure it with the information we provide:
- Log in to Okta and go to the admin dashboard
- Go to "Applications" and if your application is already created, select it from the list of applications, otherwise create a new one
- Input the ACS URL from your WorkOS dashboard as the "Single Sign-On URL" and the SP Entity ID as the "Audience URI (SP Entity ID)"
- Scroll down to the "Attribute Statements" section and use the "Add Another" button to add the following key-value pairs:
- Add users and/or groups to the Okta app
- Click on the "Sign On" tab of the SAML app, click the "Actions" dropdown for the correct certificate and select "View IdP Metadata". A separate tab will open. Copy the link in the browser
Step 2: Send Us Your Metadata URL
Once the application is configured in Okta, your IT administrator needs to send us the Identity Provider Metadata URL:
- After copying the metadata URL from Step 1, send this URL to our support team via secure email
- We will use this URL to complete the connection setup in our system
Optional: Role-Based Access Control
If you want to control user roles and permissions in our application based on Okta group memberships, please inform us during setup. We can configure group-based role assignments to automatically grant appropriate access levels to users based on their group membership in Okta.