Skip to content
  • There are no suggestions because the search field is empty.

How to set up Okta SSO

MASV team owners can require SSO for individual teams. This guide will walk you through how to configure SSO using Okta.

Note: Please refer to the Okta documentation for the latest instructions for setting up SSO for applications using SAML. The instructions below are meant as a general guide and might not reflect the latest changes in Okta. For detailed instructions about setting up SSO in MASV, see How to set up single sign-on (SSO) in MASV.

Creating a SAML Application in Okta

  1. Ensure you are logged into your admin page in Okta.
  2. Navigate to Applications using the side navigation.
  3. Select Create App Integration. A window should open.
  4. Select SAML 2.0 as the integration type. You should be redirected to the integration setup page.
    Create a new Okta app integration
  5. Give your application a name. For example, MASV.
    Create SAML integration Okta
  6. Select Next.

  7. You are prompted to enter the single sign-on URL and Audience URI (SP Entity ID). You can copy this information from your MASV SSO Settings page if you've already verified your domain in MASV.

      1. Copy the ACS URL value from your MASV SSO Settings page and paste it into the Single sign-on URL field in Okta.
      2. Copy the SP Entity ID value from your MASV SSO Settings page and paste it into the Audience URL (SP Entity ID) field in Okta.
    1. Select Unspecified as the value of Name ID format.

    2. Select Okta username as the value of Application username.

    3. Select Create and update as the value of Update application username on. Your SAML Integration creation page in Okta should now look something like the screen below.
      Create SAML integration step 2 Okta

    4. Scroll down to find the Attribute Statements section. You need to map your Okta user attributes to specific fields so that MASV can correctly provision your users.

    5. Add two new empty fields, and then fill them out according to the table below.

    Name

    Name format

    Value

    saml_subject

    Unspecified

    Must be

    okta

    Be sure to enter this value manually!

    email

    Unspecified

    user.email

    (select from suggestions)

    name

    Unspecified

    user.firstName

    (select from suggestions)

    Your attribute statements table should now look something like this:

    Attribute statements

    1. Leave the Group Attribute Statements section empty.

    2. Select Next.

    3. Select I’m an Okta customer adding an internal app.Create SAML integration Okta step 3

    4. Select Finish.


    Importing Okta’s Metadata Into MASV

    After completing the previous step, the Okta information page should resemble the screen below.

    Okta sign on settings

    You must now find the XML version of Okta’s metadata and import it into MASV. 

    To import Okta XML metadata into MASV

    1. In Okta, scroll to the bottom of your applications page.

    2. On the right sidebar,  select View SAML setup instructions

      Okta SAML setup

    3. You are redirected to a page titled How to Configure SAML 2.0 for <application name> Application. Scroll down until you see Optional.

    4. Copy the XML data from the Provide the following IDP metatdata to your SP provider text field.Okta IDP metadata

    5. In MASV, on the SSO Settings page, paste the XML metadata you copied from Okta into the RAW Metadata field that is under SAML Configuration.

      Okta Raw Metadata

    6. In the lower right corner of the SSO Settings page, select Save. If configured correctly, an Active tag appears beside the SAML Configuration heading in MASV.

    7. SSO Name now appears in the upper right corner. Enter a name your users will use to sign in your team with SSO. For example, if you enter masv, your users must enter masv as the SSO Name on the SSO sign in page.

    8. Select the Enable SSO toggle so that SSO is on.

    9. If you want to require users to sign in with SSO, select the Require login with SSO toggle. If you want to allow users to sign in with SSO or email authentication, ensure the toggle is off.

    10. Select Save to apply your settings.

    Assign users to your application

    You must now assign your newly created Okta applications to your users. Okta has a guide for this here. Users your application is not assigned to will be unable to log into MASV with SSO.

    Try it out

    Navigate to MASV’s SSO sign-in page and enter the SSO name you chose for your team. When you click “Sign in”, you should be redirected to Okta to authenticate. Once you’ve finished authenticating, you should be redirected to MASV.

    If you are redirected to the MASV dashboard, great! You can continue using MASV as normal. If you are redirected to a screen prompting you to accept an email invitation, please do so and then sign back in with SSO.