ToolJet/docs/versioned_docs/version-3.5.0-LTS/user-management/sso/saml/okta.md

---
id: okta
title: Okta
---

Okta can be configured as the Identity Provider for SAML, which is an authentication protocol that securely verifies user identities through a trusted provider. This document explains how to obtain the required credentials from the Okta Developer Console. Refer to the **[SAML Setup](/docs/user-management/sso/saml/setup)** guide to configure SAML in your application.

## Generating Metadata

1. Sign in to the [Okta Developer Console](https://developer.okta.com/).

2. Navigate to the **Applications** section and click **Create App Integration**.
    <img style={{ marginBottom:'15px' }} className="screenshot-full" src="/img/user-management/sso/oidc/okta/create-app.png" alt="Okta: SSO"/>

3. Select **SAML 2.0** as the **Sign-in method**. Click on the **Next** button.    
    <img style={{ marginBottom:'15px' }} className="screenshot-full" src="/img/user-management/sso/saml/signin-method.png" alt="Okta: SSO" />

4. Configure the **General Settings**:
    - **App Name**: Enter the application name to be displayed on the login page.
    - **App Logo (optional)**: Upload a logo to be shown on the login page. <br/><br/>
    <img className="screenshot-full" src="/img/user-management/sso/saml/okta-general-settings.png" alt="Okta General Settings" />


5. In the **Configure SAML** tab, configure the following fields: <br/><br/>
    **General**: 
    - **Single sign-on URL**: Redirect URL copied from the SAML configuration page in ToolJet.
    - **Audience URI** (SP Entity ID):  entityID present in XML file.
    - **Default RelayState**: Leave this field blank. 
    - **Name ID format**: EmailAddress.
    - **Application username**: Email.
    - **Update application username on**: Create and update. <br/><br/>
    <img className="screenshot-full img-l" src="/img/user-management/sso/saml/okta-configure-saml-general.png" alt="Okta Configure SAML General" />

    **Attribute Statements**:

    | Name | Name format | Value |
    | --- | --- | ---- |
    | email | Unspecified | user.email |
    | name | Unspecified | user.firstName |

    <img className="screenshot-full img-l" src="/img/user-management/sso/saml/okta-configure-saml-attribute.png" alt="Okta Configure SAML ATTRIBUTE STATEMENTS" />

    **Group Attribute Statements**:

    | Name | Name format | Filter | Value |
    | --- | --- | --- | --- |
    | groups | Unspecified | Matches regex | ".*" |

    <img className="screenshot-full img-l" src="/img/user-management/sso/saml/okta-grp-attribute.png" alt="Okta Configure SAML ATTRIBUTE STATEMENTS" />

6. Review and click on the **Next** button.

7. Click on the **Finish** button to complete the Okta application configuration.

8. Navigate to the **Sign On** tab and make sure **Application username format** is set to **Email**, otherwise click on the **Edit** button and update.

9. Copy the **Metadata URL**. This URL will retrieve the XML metadata file for the Okta application.
    <img className="screenshot-full img-m" src="/img/user-management/sso/saml/okta-sign-on.png" alt="Okta Sign On" />

10. Paste the metadata URL into the **Identity provider metadata** field in the ToolJet SAML configuration.

11. Ensure that Audience URI (SP Entity ID) from the XML file is added to the Configure SAML tab in the Okta application configuration.

12. Test the SAML configuration by logging in to ToolJet using the Login URL.
    <img className="screenshot-full" src="/img/sso/saml/login-v2.png" alt="SSO :SAMP" />
[docs]: Platform Revamp (#11585) * Initial Structure Setup * Add SMTP Configuration Content * Add ToolJet Plan Content * Update ToolJet Plan Docs * Update SMȚP Configuration * Add Organization Overview * Update SMTP Cofig * add licensing structure * revert AppCard.jsx * revert AppCard.jsx * Revert AppMenu.jsx * Revert Folders.jsx * Revert ManageGroupPermissionResources.jsx * revert mixins.scss * revert tabler.scss * revert tabler.scss * revert tabler.scss * revert tabler.scss * add: white label doc * Update overview * add: instances and workspaces * revert AppCard.jsx * revert changes from EditVersionModal.jsx * Revert Changes * Delete Extra File * fix: comments * update interlink * fix: multiple instance content * tj deployment beta * update tj deployment beta * Update Email Server Beta * Update Overview * update setup email communication * Update Licensing * Update overview and self hosted docs * Update self hosted beta * Update Licensing * minor improvments * update link * Update folder name * minor updates * Update Self Hosted * Update Cloud and Overview * Minor Updates and add Mailgun Screenshot * Change beta folder structure and add sendgrid screenshot * update setup tj folder * Replicate changes to 3.0.0-LTS * Add overview and onboard user structure in beta * Add Overview for User Management and Access Control * Add Invite User * first draft - bulk invite, archive, self signup * update: intance-workspace-whitelabelling * fix: workspace-whitelable doc * minor update in invite user * Update Onboarding and Offboarding of Users - 03/01 * Add structure for authentication and rbac in beta * update super admin file structure * add super admin content * Update overview page * Overview for onboard and offboard user * minor edit overview page * Update Invite User * Update Bulk Invite User * updated archive user * Update onboarding and offboarding * Content Update * Update Super Admin Structure * Update Super Admin * User Roles Content * Custom Groups Content * Granular Access Control [WIP] * Add SSO Structure * github sson 1 * github sso * Google SSO * ldap * grammatical improvement * Feedback Updates 1 * complete RBAC * sso update * SSO LDAP SAML OIDC * OIDC Setup * Google OIDC * Update LDAP and SAML Intro * Update Profile Management Structure * Update Access Control Docs * Update Custom Groups * feat: authentication * OIDC - Okta * feat: cloud auth * fix: overview typo * fix: selfhosted auth titles * Group Sync Structure * User Metadata * [WIP] OIDC Group Sync * OIDC Group Sync * Update use case example in user metadata * Remove password management section * Update reset password * add: retry limit in password login * Docs feedback update * OIDC Group Sync Docs * oidc grp sync * Custom Group * access control * Profile Management Structure * edit user details and reset password * profile settings * Development Lifecycle Structure * [WIP] Version Control * [WIP] Rollback * Update GitSync Structure * WIP GitSync * Copy GitSync from the Develop * Update version control as per feedback * wip: release * release and rollback * GitSync * GitSync * feat: self-hosted and cloud * gitsync backup docs * [WIP] GitSync * GitSync Backup * share app ideation * Share Application * WIP Audit Logs * WIP Okta SAML * wip - okta saml * Okta SAML * Audit Logs * Git Push and Pull * GitSync Backup * Release Management * GitSync Config * gitsync custom branch * Workspace Constants * Workspace Variables * Update License * update: images and css classes * update: images * update: envs * update: images * Img Update till Invite User * update: removed cloud from Dev Life cycle * feat: custom domain * fix: formatting - custom domain * update: workspace doc * metadata img update * Images till Onboard and Offboard * SSO Images * Image Update GitSync * fix: naming * delete sql backup * update: images * Add ToolJet API * Enhance Nav Bar * Update development lifecycle overview * update: images * Nav Bar Update * fix: feedback * Update FAQ dropdown * feedback update * Content Update * fix: images * fix: platform overview image * Update Grammar and Links till Onboard Users * Fix links * Update Self Singup Screenshot * Fix interlinking * Fix GitSync Interlinks * update: interlinking * Delete Old Docs Beta * Delete Old Files from LTS * Replicate Files in LTS * Update Home Page * fix workspace login link * fix links * Deploy ToolJet --------- Co-authored-by: PriteshKiri <pritesh.d.kiri@gmail.com> 2025-03-06 10:42:09 +00:00			`---`
			`id: okta`
			`title: Okta`
			`---`

			`Okta can be configured as the Identity Provider for SAML, which is an authentication protocol that securely verifies user identities through a trusted provider. This document explains how to obtain the required credentials from the Okta Developer Console. Refer to the [SAML Setup](/docs/user-management/sso/saml/setup) guide to configure SAML in your application.`

			`## Generating Metadata`

			`1. Sign in to the [Okta Developer Console](https://developer.okta.com/).`

			`2. Navigate to the Applications section and click Create App Integration.`
			`<img style={{ marginBottom:'15px' }} className="screenshot-full" src="/img/user-management/sso/oidc/okta/create-app.png" alt="Okta: SSO"/>`

			`3. Select SAML 2.0 as the Sign-in method. Click on the Next button.`
			`<img style={{ marginBottom:'15px' }} className="screenshot-full" src="/img/user-management/sso/saml/signin-method.png" alt="Okta: SSO" />`

			`4. Configure the General Settings:`
			`- App Name: Enter the application name to be displayed on the login page.`
			`- App Logo (optional): Upload a logo to be shown on the login page. <br/><br/>`
			`<img className="screenshot-full" src="/img/user-management/sso/saml/okta-general-settings.png" alt="Okta General Settings" />`


			`5. In the Configure SAML tab, configure the following fields: <br/><br/>`
			`General:`
			`- Single sign-on URL: Redirect URL copied from the SAML configuration page in ToolJet.`
			`- Audience URI (SP Entity ID): entityID present in XML file.`
			`- Default RelayState: Leave this field blank.`
			`- Name ID format: EmailAddress.`
			`- Application username: Email.`
			`- Update application username on: Create and update. <br/><br/>`
			`<img className="screenshot-full img-l" src="/img/user-management/sso/saml/okta-configure-saml-general.png" alt="Okta Configure SAML General" />`

			`Attribute Statements:`

			`\| Name \| Name format \| Value \|`
			`\| --- \| --- \| ---- \|`
			`\| email \| Unspecified \| user.email \|`
			`\| name \| Unspecified \| user.firstName \|`

			`<img className="screenshot-full img-l" src="/img/user-management/sso/saml/okta-configure-saml-attribute.png" alt="Okta Configure SAML ATTRIBUTE STATEMENTS" />`

			`Group Attribute Statements:`

			`\| Name \| Name format \| Filter \| Value \|`
			`\| --- \| --- \| --- \| --- \|`
[docs]: SAML group sync (#12982) * [docs]: SAML group sync * fix: review * feat: SAML config with env * add: update doc for LTS * fix: review * fix: review * fix: review * fix: review * fix: review * fix: review 2025-06-17 05:52:24 +00:00			`\| groups \| Unspecified \| Matches regex \| ".*" \|`
[docs]: Platform Revamp (#11585) * Initial Structure Setup * Add SMTP Configuration Content * Add ToolJet Plan Content * Update ToolJet Plan Docs * Update SMȚP Configuration * Add Organization Overview * Update SMTP Cofig * add licensing structure * revert AppCard.jsx * revert AppCard.jsx * Revert AppMenu.jsx * Revert Folders.jsx * Revert ManageGroupPermissionResources.jsx * revert mixins.scss * revert tabler.scss * revert tabler.scss * revert tabler.scss * revert tabler.scss * add: white label doc * Update overview * add: instances and workspaces * revert AppCard.jsx * revert changes from EditVersionModal.jsx * Revert Changes * Delete Extra File * fix: comments * update interlink * fix: multiple instance content * tj deployment beta * update tj deployment beta * Update Email Server Beta * Update Overview * update setup email communication * Update Licensing * Update overview and self hosted docs * Update self hosted beta * Update Licensing * minor improvments * update link * Update folder name * minor updates * Update Self Hosted * Update Cloud and Overview * Minor Updates and add Mailgun Screenshot * Change beta folder structure and add sendgrid screenshot * update setup tj folder * Replicate changes to 3.0.0-LTS * Add overview and onboard user structure in beta * Add Overview for User Management and Access Control * Add Invite User * first draft - bulk invite, archive, self signup * update: intance-workspace-whitelabelling * fix: workspace-whitelable doc * minor update in invite user * Update Onboarding and Offboarding of Users - 03/01 * Add structure for authentication and rbac in beta * update super admin file structure * add super admin content * Update overview page * Overview for onboard and offboard user * minor edit overview page * Update Invite User * Update Bulk Invite User * updated archive user * Update onboarding and offboarding * Content Update * Update Super Admin Structure * Update Super Admin * User Roles Content * Custom Groups Content * Granular Access Control [WIP] * Add SSO Structure * github sson 1 * github sso * Google SSO * ldap * grammatical improvement * Feedback Updates 1 * complete RBAC * sso update * SSO LDAP SAML OIDC * OIDC Setup * Google OIDC * Update LDAP and SAML Intro * Update Profile Management Structure * Update Access Control Docs * Update Custom Groups * feat: authentication * OIDC - Okta * feat: cloud auth * fix: overview typo * fix: selfhosted auth titles * Group Sync Structure * User Metadata * [WIP] OIDC Group Sync * OIDC Group Sync * Update use case example in user metadata * Remove password management section * Update reset password * add: retry limit in password login * Docs feedback update * OIDC Group Sync Docs * oidc grp sync * Custom Group * access control * Profile Management Structure * edit user details and reset password * profile settings * Development Lifecycle Structure * [WIP] Version Control * [WIP] Rollback * Update GitSync Structure * WIP GitSync * Copy GitSync from the Develop * Update version control as per feedback * wip: release * release and rollback * GitSync * GitSync * feat: self-hosted and cloud * gitsync backup docs * [WIP] GitSync * GitSync Backup * share app ideation * Share Application * WIP Audit Logs * WIP Okta SAML * wip - okta saml * Okta SAML * Audit Logs * Git Push and Pull * GitSync Backup * Release Management * GitSync Config * gitsync custom branch * Workspace Constants * Workspace Variables * Update License * update: images and css classes * update: images * update: envs * update: images * Img Update till Invite User * update: removed cloud from Dev Life cycle * feat: custom domain * fix: formatting - custom domain * update: workspace doc * metadata img update * Images till Onboard and Offboard * SSO Images * Image Update GitSync * fix: naming * delete sql backup * update: images * Add ToolJet API * Enhance Nav Bar * Update development lifecycle overview * update: images * Nav Bar Update * fix: feedback * Update FAQ dropdown * feedback update * Content Update * fix: images * fix: platform overview image * Update Grammar and Links till Onboard Users * Fix links * Update Self Singup Screenshot * Fix interlinking * Fix GitSync Interlinks * update: interlinking * Delete Old Docs Beta * Delete Old Files from LTS * Replicate Files in LTS * Update Home Page * fix workspace login link * fix links * Deploy ToolJet --------- Co-authored-by: PriteshKiri <pritesh.d.kiri@gmail.com> 2025-03-06 10:42:09 +00:00
			`<img className="screenshot-full img-l" src="/img/user-management/sso/saml/okta-grp-attribute.png" alt="Okta Configure SAML ATTRIBUTE STATEMENTS" />`

			`6. Review and click on the Next button.`

			`7. Click on the Finish button to complete the Okta application configuration.`

			`8. Navigate to the Sign On tab and make sure Application username format is set to Email, otherwise click on the Edit button and update.`

			`9. Copy the Metadata URL. This URL will retrieve the XML metadata file for the Okta application.`
			`<img className="screenshot-full img-m" src="/img/user-management/sso/saml/okta-sign-on.png" alt="Okta Sign On" />`

			`10. Paste the metadata URL into the Identity provider metadata field in the ToolJet SAML configuration.`

			`11. Ensure that Audience URI (SP Entity ID) from the XML file is added to the Configure SAML tab in the Okta application configuration.`

			`12. Test the SAML configuration by logging in to ToolJet using the Login URL.`
			`<img className="screenshot-full" src="/img/sso/saml/login-v2.png" alt="SSO :SAMP" />`