OKTA Setup for SAML SSO

SAML SSO How-to

Written by Christina
Updated over a week ago

Set up SAML SSO for Okta

You’ll need to set up a custom SAML app to use Okta for SSO.

  1. In the Okta Admin console, go to Applications > Applications

  2. Click Create App Integration

  3. For “Sign-in method”, select “SAML 2.0”. Click Next.

  4. Under “General Settings”, enter the following attributes:

    1. App name: Enter "Goody"

    2. App logo (optional): Upload the Goody icon, found under "App Icon" on Goody's "Set up SAML" page.

    3. App visibility: Select your display preference

  5. Click Next.

  6. Under “SAML Settings” enter these attributes:

    1. Single sign-on URL: Copy Goody's ACS URL

    2. Audience URI (SP Entity ID): Copy Goody's SP Entity ID

    3. Default RelayState: Leave blank

    4. Name ID format: Select “EmailAddress”

    5. Application username: Select “Email”

    6. Update Application username on: Leave as “Create and update”

    7. Under Attribute Statements:

      1. Add attribute first_name and map it to user.firstName (Name format can be “Unspecified”)

      2. Add attribute last_name and map it to user.lastName (Name format can be “Unspecified”)

  7. Scroll to the bottom of the page and click Next.

  8. There are optional questions from Okta. You can provide your responses, or skip to the bottom and click Finish.

  9. You’ll be brought to the Settings page. On the right column under “SAML Setup”, click View SAML Setup Instructions.

  10. Copy the values from this page to Goody’s SAML setup page:

    1. Copy the Identity Provider Single Sign-On URL into Goody's SSO URL field.

    2. Copy the Identity Provider Issuer into Goody's Entity ID field.

    3. Download the X.509 Certificate and paste it into Goody's Certificate field.

  11. On Goody's SAML setup page, click Save and enable SAML.

  12. Sign out of your Okta account.

  13. Test it by signing out of your Goody account, then signing back in by clicking "Sign in with SSO" on the sign-in page.
