Okta SSO

Okta SSO

When using Okta as the identity provider, follow these steps to configure your SSO: 

  1. Access the Admin panel on your Okta account, then browse to the Applications section.

  2. Click on Add Application and then Create New App.

  3. In the modal, select Web for the Platform and SAML 2.0 for the Sign on method, then click Create.

  4. After giving a name to the application and choosing a logo for your application (such as your company logo) on the following screen, click Next.

  5. Go back to the Single Sign-On tab on your TagoRUN settings > Integrations > Single Sign-On and take a look at the Service Provider Settings section.


  6. Use the copy button on each of the Entity ID and Assertion Consumer Service (ACS) URL fields at a time and paste them into the Audience URI (SP Entity ID) and Single sign on URL fields respectively in the SAML Settings page on Okta.

  7. Scroll down on the SAML Settings page until you reach the Attribute Statements (Optional) section. For our Single Sign-On integration, we require the user.firstName and user.email values only, but most of the time it’s a good idea to put the user.lastName as well. These fields will be used to generate the user in your TagoRUN for the users logging in via Okta. Set the name of these fields similar to the following example, as it will be used in the last step back on the TagoRUN configuration.

  8. Click Next and then click Finish on the last setup screen in Okta. Now you have your application set up, but you need to get the Identity Provider metadata to import on the TagoRUN settings, so click on the Identity provider metadata link and save the XML file on your computer.

  9. Back on the your account at TagoIO, from the left menu click on RUN and then select Single Sign-on under the Integration settings. Click the Import Identity Provider Metadata button and select the XML file you have just saved from Okta. After the upload is finished, the file will be parsed and the Issuer field will show the URL from the Identity Provider application.

  10. Fill the E-mailFirst Name and Last Name fields with the names entered in the Okta application configuration.

  11. Click on the Enabled toggle at the top of the configuration page to enable the Single Sign-On integration and click Save to deploy your TagoRUN.

  12. Do not forget to add the users that should have access to your RUN via Single Sign-On in the Assignments section of the application settings in Okta.

  13. Now any users in the application can access your RUN via their credentials in Okta. Going to the RUN page, the users will be presented with the Okta sign-in screen and then will be redirected back to authenticate in the RUN.

    • Related Articles

    • Single Sign-On (SSO)

      By using our Single Sign-On, SSO, integration, end-users are allowed to sign in into your RUN application using the credentials from your own trusted user database. This database is provided by third-party services such as Okta, Microsoft Azure AD, ...
    • PingIdentity - PingOne SSO

      in progress