All Collections
Integrations
How to enable Single Sign On with Okta
How to enable Single Sign On with Okta

Enable SAML-based SSO with Okta

David avatar
Written by David
Updated over a week ago

  1. In your Okta account, go to Applications and click Create App Integration

  2. Choose SAML 2.0

3. On the Configure SAML step use these settings:

App name: FreeBusy

App logo: download here

Single Sign On URL: https://freebusy.io/saml/acs (use this for Recipient URL and Destination URL)

Audience URI (SP Entity ID): https://freebusy.io/saml/acs

Default RelayState: (leave blank)

Name ID format: Persistent

Application username: Email

Update application username on: Create and update

4. Also on the Configure SAML step add these attributes

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Name Format: URI Reference

Value: user.email

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

Name Format: URI Reference

Value: user.firstName

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

Name Format: URI Reference

Value: user.lastName

If your organization has a hybrid environment with some mailboxes on-premise and others in the cloud, add the following attribute

Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/spn

Name Format: URI Reference

Value: map value from AD MsExchRemoteRecipientType attribute (documented here)

5. Once you create the Okta application with the above settings, go to the app management page, and from the Sign On tab click on View SAML setup instructions, then copy to clipboard IDP metadata link or IDP metadata:

6. Email us at [email protected] the Identity Provider metadata link that link so we can add it to your organization’s account

Did this answer your question?