SAML SSO - Okta

Here's how you can set up SAML SSO with Okta.

Part 1: Enable SAML SSO in Tability

1. Go to your workspace SSO settings and select the SAML SSO option as the authentication method.
2. Keep this screen open, we'll need it later.

Part 2: Create a new application for Tability in Okta

1. Open a new tab and go to Okta to create a new app integration. Select the SAML 2.0 option in the pop-up window.
2. Name your application Tability and click Next.

Part 3: Configure SAML in Okta

1. In the Configure SAML screen in Okta, copy the values from your workspace SSO settings in Taiblity.

   1. Single sign-on URL: copy the value of the SP Consumer URL (https://api.tability.app/auth/saml/consume/<workspace>)

   2. Audience URL (SP Entity ID): copy the value of the SP Entity ID (https://api.tability.app/auth/saml/metadata/<workspace>)

2. Save the settings

Part 4: Update SAML SSO settings in Tability

1. Go to the Sign-on section of your Okta application and click on View Setup Instructions to see the content of the certificate and the Single Sign-On URL.
2. Copy the content of the certificate including the BEGIN CERTIFICATE and END CERTIFICATE to the IDP certificate field in Tability.

3. Copy the Identity Provider Single Sign-On URL from Okta, and paste it into the IDP SSO URL field in Tability.
4. Click on update to save the settings

Part 5: Sign in via SSO to finalize your setup

Once SAML is activated, it will be the only authentication method for your workspace. Make sure that your admin account in Tability is associated with a user in Okta, otherwise, you might lose access to your workspace settings.

To finalize the integration you need to sign in once via SAML SSO to validate your configuration.

1. Click on the Log in via SSO button to sign in.

2. Once you're logged in you should see a confirmation message at the top of your screen saying that "SAML SSO is enabled for all users."