AccessGuard

Set up SSO with Okta (SAML/OIDC)

Connect Okta, map claims to roles, and test sign-in.

18 min · Intermediate · IT Admin, Security Engineer · Updated Sep 19, 2025

Prerequisites

  • Okta admin privileges

Permissions required

  • iam:configure
  • connections:write

Steps (4)

Estimated: 18 min
  1. Create Okta app integration

    IT Admin · 6 min

    In Okta, create an OIDC or SAML app. For OIDC, collect the Issuer and the Client ID/Secret; for SAML, download the IdP metadata.

  2. Add provider in AccessGuard

    Security · 5 min

    Settings → SSO → Add Provider → Okta. Paste credentials or upload metadata.

    Validation

    • Discovery/JWKS validates successfully.

  3. Map groups/claims to roles

    Security · 4 min

    Define rules, e.g., okta.groups contains “Admins” → role: admin.

    Success criteria

    • Test user signs in and receives correct role.

  4. Enable JIT/SCIM (optional)

    IT Admin · 3 min

    Turn on JIT provisioning; optionally configure SCIM for lifecycle.
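
The role mapping in step 3 depends on what `contains` means when the groups claim arrives as a list, a bare string, or not at all. The following is an added example, not AccessGuard's own code: the rule format, the `groups` claim name, the `support` rule and the function names are assumptions, and the claims are constructed. It treats `contains` as exact, case-sensitive list membership and grants no role when the claim is missing or malformed.

```python
from __future__ import annotations
from typing import Any

# Hypothetical rule format modelled on `okta.groups contains "Admins" -> role: admin`.
# First match wins; the "groups" claim name and the "support" rule are assumptions.
RULES = [
    {"claim": "groups", "contains": "Admins", "role": "admin"},
    {"claim": "groups", "contains": "Support", "role": "support"},
]

def claim_values(claims: dict[str, Any], name: str) -> list[str]:
    """Return the claim as a list of strings, or [] if absent or malformed."""
    value = claims.get(name)
    if isinstance(value, str):
        # Wrap a bare string so the `in` test stays list membership; on the raw
        # string, `"Admins" in "Admins-ReadOnly"` would be a substring hit.
        return [value]
    if isinstance(value, list) and all(isinstance(v, str) for v in value):
        return value
    return []  # fail closed: an unexpected shape grants nothing

def resolve_role(claims: dict[str, Any], rules: list[dict] = RULES) -> str | None:
    """Exact, case-sensitive membership; None means no role is granted."""
    for rule in rules:
        if rule["contains"] in claim_values(claims, rule["claim"]):
            return rule["role"]
    return None

# Constructed test identities: (label, decoded ID-token claims, expected role).
TEST_USERS = [
    ("admin group member", {"sub": "u1", "groups": ["Everyone", "Admins"]}, "admin"),
    ("look-alike group", {"sub": "u2", "groups": ["NonAdmins"]}, None),
    ("case variant", {"sub": "u3", "groups": ["admins"]}, None),
    ("single string claim", {"sub": "u4", "groups": "Support"}, "support"),
    ("string superset", {"sub": "u5", "groups": "Admins-ReadOnly"}, None),
    ("claim missing", {"sub": "u6"}, None),
    ("malformed claim", {"sub": "u7", "groups": [{"name": "Admins"}]}, None),
]

def failed_cases(cases=TEST_USERS) -> list[str]:
    """Labels of test identities whose resolved role differs from the expected one."""
    return [label for label, claims, want in cases if resolve_role(claims) != want]

if __name__ == "__main__":
    for label, claims, want in TEST_USERS:
        print(f"{label:22} -> {resolve_role(claims)!s:8} expected {want}")
    print("mismatches:", failed_cases())
```

The same table of negative cases (look-alike group names, case variants, missing claim) is worth replaying with real test users against the step 3 success criterion before enabling JIT provisioning.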

About this guide

AccessGuard secures apps and external sites with hosted authentication and short-lived JWTs. Enable MFA, define RBAC permissions, and connect enterprise identity via SAML or OIDC. A lightweight HMAC bridge lets you embed login, registration, and token refresh flows on any domain without CORS pain.

Admins manage users, sessions, connections, and policies from one console. Profiles consolidate verified emails/phones, consents, KYC docs, and risk flags. Events and metrics provide visibility for security and ops.

Designed for velocity and safety: opinionated defaults, least-privilege keys, Prometheus counters, and exportable audit logs.