2 mins read

Add Okta (SAML) for Authentication

Learn how to configure Okta and Cloudentity to enable your users to sign in using Okta IDP and SAML


Okta is natively supported by Cloudentity as an OIDC Identity Provider, which means that it has a dedicated connection template in Cloudentity for your convenience. Okta applications implement the OIDC protocol, providing the proof of user authentication to Cloudentity within an ID Token and Access Token.


Connect Okta SAML IDP

  1. Go to Authentication » Providers > Create Connection.

  2. Select the SAML template in Third-Party Providers section and click Next.

    Adding SAML IDP

  3. Provide a name for your SAML IDP – it is used to create the Entity ID.

  4. Use the Entity ID (also a SAML SP Metadata URL) and ACS URL (Assertion Consumer Service URL) values to register Cloudentity as a Service Provider at your IDP.

    Create saml IDP

    For most up-to-date instructions, follow Okta’s documentation to create a SAML application in Okta.

    1. In Okta, select Applications » Applications > Create App Integration » SAML 2.0.

    2. In the Configure SAML menu:

      • Provide the ACS URL from Cloudentity as the value of the Single sign-on URL.

      • Provide the Entity ID from Cloudentity as the value of the Audience URI (SP Entity ID) field.

      • Add SAML attribute statements

      • Preview the SAML Assertion if needed.

      • Configure the rest of the fields as needed and select Next

  5. In Okta application integration you added, go to Sign On tab and copy the Metadata URL.

  6. Back in Cloudentity, paste the Metadata URL from Okta as the value of the Metadata URL field and save.

Next Steps

  1. In Okta, assign users to SAML Application you integrated with Okta.

  2. Add SAML Assertion Schema Attributes Coming from Okta IDP.

  3. Map SAML IDP Attributes to Authentication Context Attributes.

  4. Define Outgoing SAML Assertion Attributes Sent to Service Providers

  5. Add SAML Service Provider.

  6. If the Okta SAML IDP you connected enables users to sign into OAuth-based client applications, be sure to map the authentication context parameters (mapped from SAML IDP Assertion Schema Attributes) to Token Claims as well.

Updated: Nov 2, 2023