Okta SAML Setup

Enable your users to sign in to Odeus using their Okta accounts via SAML 2.0.

Overview

This guide walks you through configuring SAML single sign-on with Okta. You'll create a new SAML application in Okta, configure the authentication settings, and establish a secure connection between your identity provider and Odeus.

Once complete, your users will be able to sign in to Odeus using their Okta credentials.

Setup Checklist

Verify that you have completed these steps from the setup checklist:

• You have access to an admin account in your Odeus workspace
  • "Join by domain" is enabled in your Odeus security settings
  • Your domain is added and verified in your Odeus security settings
  • You have an Okta account with the ability to create and manage Applications

Create a new SAML application in Okta

First, you need to create a new SAML application in your Okta Admin console.

To do this, follow these steps:

1. In your Okta Admin console, navigate to "Applications" → "Applications"
2. Click "Create App Integration"
3. Select "SAML 2.0" as the sign-in method and click "Next"
4. Name your application (e.g., "Odeus") and, optionally, upload an app logo
5. Click "Next"

SAML Configuration

Odeus uses SAML 2.0 as the standard for SSO authentication. After creating the application, you need to configure the SAML settings.

In Odeus, navigate to your Security settings and copy the following values:

1. The "Assertion Consumer Service (ACS) URL"
2. The "Audience URI (SP Entity ID)" value (odeus.ai)

In the "Configure SAML" step in Okta, fill in the following fields:

1. "Single sign-on URL": Paste the "Assertion Consumer Service (ACS) URL" from Odeus
2. "Audience URI (SP Entity ID)": Paste the "Audience URI (SP Entity ID)" value from Odeus (e.g., odeus.ai)
3. "Name ID format": Select "EmailAddress"
4. "Application username": Select "Email"

You can leave the other fields with their default values. Click "Next" to proceed.

On the feedback page, select "This is an internal app that we have created" and click "Finish".

Connect Okta to Odeus

After finishing the application setup, you need to copy the Okta SAML metadata to Odeus.

In the "Sign On" tab of your newly created Okta application:

1. Click "View SAML setup instructions"
2. Copy the "Identity Provider Single Sign-On URL" — this is your Sign on URL in Odeus
3. Copy the Identity Provider Issuer this is your Issuer in Odeus
4. Copy the "X.509 Certificate" and paste it into the "Certificate" field in Odeus. Copy the entire certificate so that the beginning and end match the example below:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

Finally, activate the "SAML Active" toggle to enable SSO.

To let people outside verified domains sign in without Okta, configure Allow External Authentication in SAML settings.

Assign Users

To allow your users to sign in to Odeus via Okta, you need to assign them to the application.

In the "Assignments" tab of your Okta application, click "Assign" and either:

• Select "Assign to People" to assign individual users
• Select "Assign to Groups" to assign entire groups

Test the SAML setup

To test the setup, please stay logged in in the current browser session and open a separate browser or an incognito window and navigate to https://app.odeus.ai.

Enter an email address of a user assigned to the Okta application and click "Continue".

You will be redirected to the Okta login page, where you can enter your credentials.

After successful authentication, you will be redirected back to Odeus and logged in.

Troubleshooting

If you encounter any issues during the setup, reach out to [email protected] for assistance.