Skip to main content

Setting Up SSO with Okta

Product Enablement avatar
Written by Product Enablement
Updated over a week ago

This guide walks you through configuring Single Sign-On (SSO) between ObservePoint and Okta using SAML 2.0.

Prerequisites

  • Admin access to your Okta account

  • Admin access to your ObservePoint account

Step 1: Start SSO Configuration in ObservePoint

  1. Log into ObservePoint as an Account Admin

  2. Navigate to Settings > Single Sign-on

  3. Click to start a new SSO configuration

Step 2: Create SAML Application in Okta

  1. Sign into the Okta admin console

  2. In the left navigation, expand Applications and click Applications

  3. Click Create App Integration

  4. Select SAML 2.0 as the integration type

  5. Click Next

Step 3: Configure General Settings

  1. Give your application a name (e.g., "ObservePoint")

  2. (Optional) Upload a logo

  3. Click Next

Step 4: Configure SAML Settings

  1. Setup ACS CALLBACK URL: Copy values from ObservePoint

  2. Audience URI (SP Entity ID): Copy values from ObservePoint

  3. Advanced settings (optional): These can be configured but are not required for a minimal setup

  4. Click Next

Step 5: Complete Application Setup

  1. On the feedback page, select the appropriate options or simply click Finish

Step 6: Assign Users and Groups

  1. Navigate to the Assignments tab in your new application

  2. Click the Assign button

  3. Choose Assign to People or Assign to Groups

  4. Search for the users or groups who need access to ObservePoint

  5. Click the Assign button next to each user or group

  6. Click Done when finished

Step 7: Get the Metadata URL

  1. Return to the Sign On tab

  2. Scroll to the SAML 2.0 section in the Settings pane

  3. Copy the Metadata URL

Step 8: Complete ObservePoint Configuration

  1. Return to the ObservePoint SSO configuration screen

  2. Paste the Okta Metadata URL into the configuration field

  3. ObservePoint will validate the URL and retrieve all necessary configuration data

  4. Click Next

Step 9: Configure ObservePoint SSO Settings

  1. Choose an account subdomain for SSO login (e.g., yourcompany.app.observepoint.com)

  2. User provisioning: Choose whether to automatically create ObservePoint accounts for users who don't already exist

    • Users are matched by email address from your identity provider

    • If auto-provisioning for new users is disabled, users must have an existing ObservePoint account before logging in via SSO

Step 10: Test and Activate

  1. Click Test the SSO configuration

  2. Verify that you can successfully authenticate

  3. If the test is successful, click Activate to enable SSO for your account

Your Okta SSO integration is now live login using your custom subdomain!

Advanced Features

Once your basic SSO setup is complete, you can configure these additional features:

  • Require signed SAMLRequests: Enhanced security requiring Okta to import ObservePoint's certificate from the metadata file

  • Single Sign-On (SSO): Allow users to launch ObservePoint directly from the Okta portal

  • Single Logout (SLO): When a user's Okta session ends, their ObservePoint session will also end

    • Note: ObservePoint will not terminate the Okta session

Troubleshooting

If you encounter issues:

  • Verify that the metadata URL is correct and accessible

  • Ensure users are properly assigned in Okta

  • Check that email addresses match between Okta and ObservePoint

  • Confirm that your subdomain is unique and available

Related Articles
Getting Started With SSO
Adding Custom Request Headers in ObservePoint
SSO Frequently Asked Questions
Custom Headers
Setting Up SSO with Azure Active Directory
Did this answer your question?