Setting Up SSO with Okta

This guide walks through configuring Okta as your SAML SSO provider for Auxia.

Prerequisites

Before you begin, confirm you have the following:

• Admin access to your Okta organization
• ACS URL from your Auxia representative
• SP Entity ID from your Auxia representative

If you don't have the ACS URL and SP Entity ID yet, contact your Auxia representative before proceeding.

---

Step 1: Create a SAML Application in Okta

1. Log in to your Okta admin dashboard.
2. Navigate to Applications → Applications.
3. Click Create App Integration.
4. Select SAML 2.0 as the sign-on method.
5. Click Next.
6. Enter a name for the application (e.g., Auxia).
7. Click Next.

---

Step 2: Configure SAML Settings

In the Configure SAML step, fill in the following fields:

Field	Value
Single sign-on URL	Paste the ACS URL provided by Auxia
Audience URI (SP Entity ID)	Paste the SP Entity ID provided by Auxia

Leave all other fields at their defaults unless instructed otherwise by your Auxia representative.

---

Step 3: Configure Group Attribute Statements (Optional)

If you want to use Okta groups for role assignment in Auxia, add a group attribute:

1. Scroll down to Group Attribute Statements.

2. Add a new statement with the following values:

   Field	Value
   Name	groups
   Filter	Matches regex: .* (to include all groups)

3. Click Next.

Note: Group-based role assignment requires additional configuration on the Auxia side. Contact your Auxia representative if you want to use this feature.

---

Step 4: Complete the Feedback Form

1. Select I'm an Okta customer adding an internal app.
2. Fill in the feedback form.
3. Click Finish.

---

Step 5: Assign Users and Groups

1. In your application, click the Assignments tab.
2. Click Assign, then select Assign to People or Assign to Groups.
3. Search for and select the users or groups who should have access to Auxia.
4. Click Assign, then Done.

Note: Only users assigned here will be able to authenticate to Auxia via SSO.

---

Step 6: Copy the IdP Metadata URL

1. In your Okta application, click the Sign On tab.
2. Under SAML Signing Certificates, click the Actions dropdown for the active certificate.
3. Select View IdP Metadata. A new browser tab will open showing the metadata XML.
4. Copy the full URL from the browser address bar.

---

Step 7: Share the Metadata URL with Auxia

Send the IdP Metadata URL to your Auxia representative. They will use it to complete the SSO connection on the Auxia side.

Once your Auxia representative confirms the connection is active, your users will be able to log in to Auxia Console using their Okta credentials.

---

Troubleshooting

Users can't log in after setup

• Confirm the user is assigned to the Okta application (Step 5).
• Verify the ACS URL and SP Entity ID were entered correctly (Step 2).
• Double-check the metadata URL is from the active certificate.

The metadata URL isn't working

• Make sure you copied the URL from the browser address bar after clicking View IdP Metadata, not a download link.
• If the certificate has changed, copy the new metadata URL and share it with your Auxia representative.

Need help?

Contact your Auxia representative or reach out to support@auxia.io.