Okta SAML

8min
This feature is available to Enterprise customers.
The following manual configuration creates an SAML SSO configuration for your Enterprise organization.
Prerequisites
Owner role in an Enterprise organization
Okta account with admin access
Supported features
This configuration supports the following:
Service Provider initiated SSO
Single Log Out [optional]
Configuration steps
Before configuring SSO, you need to assign a namespace and create a Service Provider certificate and private key. These important steps provide information you need to enter later.
Create your namespace
1
Click Organization in the left sidebar.
2
Click the SSO tab.
3
Under Namespace, enter the namespace you want for your organization. For example, acme_corp. Your organization members enter this namespace when they log in via SSO.
4
Under SSO type, select SAML 2.0.
5
Copy the Redirect URL and save it in a safe place. You will use this later when you create your SAML integration in Okta.
Download your Make Service Provider certificate
1
Click Organization in the left sidebar.
2
Click the SSO tab.
3
Scroll down to find Service Provider Certificates.
4
Find your new certificate. Refer to the Valid from and Expires dates if you are unsure.
5
On the right side of the row for your certificate, click the icon.
6
Select Download.
Your browser downloads your SP certificate as a .pem file. You can find it in your downloads folder.
Create an SAML integration
1
Log in to Okta and go to Applications > Applications.
﻿
2
Click Create App Integration.
﻿
3
Select SAML 2.0 in the popup winder and click Next.
﻿
4
In the General Settings tab, name your app and upload your icon.
﻿
5
Click Next.
6
In the Configure SAML tab, enter the Single sign-on URL that you copied in the steps to create your namespace﻿ above.
﻿
7
Enter the Audience URI (SP Enttity ID) as https://www.make.com/sso/saml/{{namespace}}/metadata.xml.
8
Keep the Default Relay State blank.
9
Enter the following information:
Field
Value
Name ID format
EmailAddress
Application Username
Okta username
Update application username on
Create and update
﻿
10
Click Show Advanced Settings.
11
Verify that all of the information provided matches the following:
﻿
Set Assertion Encryption to Encrypted. For the Signature Certificate field, upload the  Service Provider Certificate﻿  you downloaded above.
12
Under Attibute Statements (optional), add the attribute as shown in the image and click Next to save.
﻿
13
Select the following options and click Finish.
﻿
14
Assign people to your  application under the Assignments tab in Okta.
15
Under the Sign On tab in Okta, view the SAML setup instructions. 
16
Copy the Identity Provider Single Sign-On URL and the Identify provider certficate and save them in a safe place.
17
In , under Organization > SSO, update the IdP log URL field and the Identify provider certficate field with the information obtained in Okta in step 16. 
18
Enter the following in the Login IML resolve field:
Text
{"email":"{{get(user.attributes.email, 1)}}","name":"{{get(user.attributes.profileFirstName, 1)}}{{get(user.attributes.profileLastName, 1)}}","id":"{{user.name_id}}"}
{"email":"{{get(user.attributes.email, 1)}}","name":"{{get(user.attributes.profileFirstName, 1)}}{{get(user.attributes.profileLastName, 1)}}","id":"{{user.name_id}}"}
﻿
19
Set:
Allow Unecrypted Assertions to No
Allow Unsigned Responses to No
Sign Requests to Yes
20
Select the team and Save.
Once saved, the page will reload. Sign out.
You will receive an email with the subject Activation complete: SSO ready for your organization upon successful activation. If you encounter any issues while logging in using SSO, disable SSO using the "one-time link" (valid for 24 hours). 
Service Provider initiated SSO
Go to make.com. 
Click Sign in with SSO.
Enter the namespace you chose for your organization.
Log in using your Okta credentials and consent to 's access to your user data.
﻿
Field	Value
Name ID format	EmailAddress
Application Username	Okta username
Update application username on	Create and update
MS Azure AD SAML
SAML certificate management