Okta SAML
This feature is available to Enterprise customers.
The following manual configuration creates an SAML SSO configuration for your Enterprise organization.
- Owner role in an Enterprise organization
- Okta account with admin access
This configuration supports the following:
- Service Provider initiated SSO
- Single Log Out [optional]
Before configuring SSO, you need to assign a namespace and create a Service Provider certificate and private key. These important steps provide information you need to enter later.
Click Organization in the left sidebar.
Click the SSO tab.
Under Namespace, enter the namespace you want for your organization. For example, acme_corp. Your organization members enter this namespace when they log in via SSO.
Under SSO type, select SAML 2.0.
Copy the Redirect URL and save it in a safe place. You will use this later when you create your SAML integration in Okta.
Click Organization in the left sidebar.
Click the SSO tab.
Scroll down to find Service Provider Certificates.
Find your new certificate. Refer to the Valid from and Expires dates if you are unsure.
On the right side of the row for your certificate, click the icon.
Select Download.
Your browser downloads your SP certificate as a .pem file. You can find it in your downloads folder.
Log in to Okta and go to Applications > Applications.
Click Create App Integration.
Select SAML 2.0 in the popup winder and click Next.
In the General Settings tab, name your app and upload your icon.
Click Next.
In the Configure SAML tab, enter the Single sign-on URL that you copied in the steps to create your namespace above.
Enter the Audience URI (SP Enttity ID) as https://www.make.com/sso/saml/{{namespace}}/metadata.xml.
Keep the Default Relay State blank.
Enter the following information:
Field | Value |
|---|---|
Name ID format | EmailAddress |
Application Username | Okta username |
Update application username on | Create and update |
Click Show Advanced Settings.
Verify that all of the information provided matches the following:
Set Assertion Encryption to Encrypted. For the Signature Certificate field, upload the Service Provider Certificate you downloaded above.
Under Attibute Statements (optional), add the attribute as shown in the image and click Next to save.
Select the following options and click Finish.
Assign people to your application under the Assignments tab in Okta.
Under the Sign On tab in Okta, view the SAML setup instructions.
Copy the Identity Provider Single Sign-On URL and the Identify provider certficate and save them in a safe place.
In , under Organization > SSO, update the IdP log URL field and the Identify provider certficate field with the information obtained in Okta in step 16.
Enter the following in the Login IML resolve field:
Set:
- Allow Unecrypted Assertions to No
- Allow Unsigned Responses to No
- Sign Requests to Yes
Select the team and Save.
Once saved, the page will reload. Sign out.
You will receive an email with the subject Activation complete: SSO ready for your organization upon successful activation. If you encounter any issues while logging in using SSO, disable SSO using the "one-time link" (valid for 24 hours).
- Click Sign in with SSO.
- Enter the namespace you chose for your organization.
- Log in using your Okta credentials and consent to 's access to your user data.