# Use Okta as your Identity Provider

## Overview

After enabling Onum as a service provider, you can set up Okta as an identity provider for SAML. You need to create a SAML app in your Okta admin dashboard to register your **Callback URL** so that Okta can send SAML responses to the correct location.

## Set up your custom Okta app

{% hint style="warning" %}
To activate Okta as an identity provider for SAML authorization, you need an Okta administrator account.
{% endhint %}

{% stepper %}
{% step %}
Log in to your Okta admin dashboard. In the left menu, go to **Applications > Create App Integration**. Choose **SAML 2.0** as the **Sign-in method** and click **Next**.
{% endstep %}

{% step %}
Enter a name for the app (e.g., *MyApp SAML SSO*) and, optionally, upload an app icon. Click **Next**.
{% endstep %}

{% step %}
Now, enter these details from Onum:

{% hint style="warning" %}
Onum will not show the required **Callback URL** until you enter the identity provider details, so we will enter a placeholder URL here.
{% endhint %}

<table><thead><tr><th width="170.08984375">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>Single sign-on URL / Audience URI</strong></td><td>Enter a temporary URL in these fields (e.g., <code>https://placeholder.example.com/saml/acs</code>). You can copy the <strong>Callback URL</strong> if you already know it, or just use a dummy placeholder. We'll edit these fields later with the real value.</td><td></td></tr><tr><td><strong>Default RelayState</strong></td><td>You can leave this blank.</td><td></td></tr><tr><td><strong>Name ID format</strong></td><td>Select <strong>Unspecified</strong>.</td><td></td></tr><tr><td><strong>Application username</strong></td><td>Select <strong>Email</strong>.</td><td></td></tr></tbody></table>

Click **Next** when you're done.
{% endstep %}

{% step %}
Choose which users or groups in Okta should have access, then click **Done**.
{% endstep %}

{% step %}
Once the app is created, Okta provides you with the IdP metadata.

Now access Onum and go to the **Authentication** area in your Admin menu. Once there, click the **Configure Single-Sign-On** button and select **SAML** in the **Authentication method** field. Enter the following in the fields that appear:

<table><thead><tr><th width="169.69140625">Parameter</th><th>Description</th><th data-hidden></th></tr></thead><tbody><tr><td><strong>IdP Entity ID</strong></td><td>Enter the <strong>Identity Provider Issuer</strong> from your Okta app.</td><td></td></tr><tr><td><strong>Single Sign-On URL</strong></td><td>Enter the <strong>Identity Provider Single Sign-On URL</strong> from your Okta app.</td><td></td></tr><tr><td><strong>Certificates</strong></td><td>Paste the <strong>X.509 Certificate</strong> from your Okta app.</td><td></td></tr></tbody></table>

Now click **Save**. You'll be given a **Callback URL**.
{% endstep %}

{% step %}
Go back to your Okta dashboard and click **Applications >** ***Your SAML App*** **> General > SAML Settings > Edit**. Replace the placeholder values in **Single sign-on URL** and **Audience URI** with the real **Callback URL** you got in Onum. Save changes.
{% endstep %}
{% endstepper %}

Done! Okta is now your identity provider for Onum.

