How to set up Okta identity provider

Last update:

Audience: System administrators installing and configuring Sapho Server

Okta is an identity provider supported by Sapho that you can use to authenticate users of Sapho micro apps.

Okta setup

Go to the Identity tab and click on the Okta icon.


In the dialog window under Identity Provider Name, provide the name of the Identity provider configuration created.

Okta natively supports the SAML 2.0 standard which requires you to specify:

  • Single sign-on URL - the URL of an endpoint dedicated to handling SAML transactions.
  • IdP Metadata URL - the URL where the entity description of the IdP is located.
  • Login Attribute - the login attribute in your Okta metadata.
  • User Name Attribute - the user name attribute in your Okta metadata.
  • Email Attribute - the email attribute in your Okta metadata.


Here’s how to register Sapho in Okta:

    1. Sign into your Okta administration. In the upper left-hand corner switch from Developer Console to Classic UI.

    2. Go to Applications > Add Application > Create New App and set Web as Platform (1) and SAML 2.0 as Sign on method (2). Click Create.

    3. Select App name (eventually other information like App logo etc.) and click Next.
    4. In Sapho, copy the Single sign-on URL from the Okta configuration dialog and paste it into the Single sign-on URL field in your Okta SAML settings.

    5. Check the Use this for Recipient URL and Destination URL checkbox.

    6. In Sapho, go to Settings > SAML. Copy the SAML Entity ID and paste it into the Audience URI (Service Provider Entity ID) field in your Okta SAML settings.



    7. Set the ATTRIBUTE STATEMENTS in Okta to the following values:
      # Name Name format Value
      1 login Basic user.login
      2 name Basic
      3 email Basic


    8. If you would like configure support for SAML groups, you will need to configure the GROUP ATTRIBUTE STATEMENTS property with the following values:
      Name Name format Filter Filter value
      groups Unspecified Regex .*


    9. Click Next. Select one of the options under Are you a customer or partner? (1) and then, select the App type (2). Click Finish.
    10. You have now successfully set up your application in Okta. Go to the Sign On tab and right click on Identity Provider Metadata. Copy the URL.
    11. In the Sapho dialog window for configuring Okta, paste the copied URL into the IdP Metadata URL field.
    12. Fill in Login (1), User Name (2), and Email (3) attributes. Click Done.


You have successfully configured your Okta Identity Provider in Sapho.
You can now set which micro apps use Oka for access in the Micro Apps with Access section.



Okta groups
Here’s how to use Okta groups for access management within Sapho:

  1. Go to the Provider Details page of your Okta identity provider. Fill in the Group Attribute field according to your Okta settings. You should use the name of the group attribute from your Okta schema.

  2. Manually register the Okta groups you want to use within Sapho for access management by clicking ADD NEW GROUP.

  3. Click SAVE SETTINGS.. .

Now you’ll be able to use Okta groups throughout Sapho, i.e. you can give access to micro apps based on your Okta groups or send notifications to users based on their assigned groups.


Custom user variables

Sapho also allows you to pull custom attributes that you have added to your Okta identity model from your Okta server.

You can configure these in Provider Details for Okta Identity under the fields: Custom User Variable 1 Attribute, Custom User Variable 2 Attribute, and Custom User Variable 3 Attribute.



Once you have configured your custom variables, you can use them in Sapho to build micro apps and events.