OKTA authentication configuration SAML

This how-to guide describes how to configure Unit4 Identity Services with OKTA - Saml 2.0.


The list of official IDS environments can be found here


Setup trust between U4IDS and your OKTA as follows:

  1. Create a new OKTA Application
    1. Create a new OKTA application
    2. Set the redirect URIs
    3. Get the Entity id
    4. Get the metadata address
  2. Register the OKTA application as a tenant in U4IDS
    1. Select the Unit 4 identity claim type and Name claim type
    2. Set the authority and idpRegId

Register U4IDS as an application in OKTA

Follow these steps:

Create a new OKTA Application

Create a new Application on your OKTA account by clicking Create Application button in the Applications section.

Select SAML 2.0 as the authentication method.

Give the application a name indicating that it is used for U4IDS authentication.

Set the redirect URIs

Enter the U4IDS acs URL in Single sign on URL field following the pattern https://<address of U4IDS installation>/identity/AuthServices/acs. Make sure that "Use this for Recipient URL and Destination URL" is checked.

Tab to Sign On menu and click for the link Identity Provider metadata

It will open new tab with metadata content.

Save the metadata Url as Authority and the entityId as IdpRegId.

Go to the Assignments tab and assign all users which will be able to use SSO as authentication method to your U4F website.

Register the OKTA application as a tenant in U4IDS

After the above steps are done, the collected information may be inserted into the Tenant resource in U4IDS:

See Identity providers in tenants for more information.

Select a unit4IdClaimType

For the unit4IdClaimType claim type the value of email was used but you could use another claim that is unique for a user in OKTA.

Set the idpRegId and idpSecret

The authority in IDS is the value of The metadata endpoint from OKTA. The idpRegId of IDS is the value of Entity Id from OKTA.