# Okta

{% hint style="info" %}
This feature is available in the **Premium plan and higher**.
{% endhint %}

{% hint style="danger" %}
**Remember to** [**grant your Okta users access permissions**](#step-4-managing-user-access) **to GoodAccess. Users without them won't be able to log in.**
{% endhint %}

## Step 1 - Adding a new identity provider

[Log in to the GoodAccess **Control Panel**, and go to **Settings** > **SSO & Identity**.](https://app.goodaccess.com/sso-and-identity/)

Click **+ Add provider**, enter the **Provider name**, choose your **Identity Provider**, and click **Continue**.

## Step 2 - Setting up Single Sign-On with SAML

Log in to the Okta Admin console, and go to **Applications** > **Applications**.

Click **Create App Integration**, select **SAML 2.0**, and click **Next**.

<div><figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FlzyeUnGDYlUia3OyaNYz%2FFeatures_SSO_Okta_01.png?alt=media&#x26;token=97fc0eb9-7473-47ca-93e1-9ab44fc6e9ff" alt="Okta Admin console with key steps to creating a new application integration."><figcaption><p>Creating a new application integration</p></figcaption></figure> <figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2F4k9L64TbZsxrXKp5AelQ%2FFeatures_SSO_Okta_02.png?alt=media&#x26;token=ec274426-2b57-4e86-8559-91fae98efbe5" alt="Okta Admin console with key steps to selecting SAML 2.0 as a sign-in method for the application integration."><figcaption><p>Selecting SAML 2.0 as a sign-in method</p></figcaption></figure></div>

### 1. General Settings

Give the application a name, and click **Next**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FGKUFN0vaGxFo1N3Ubj3W%2FFeatures_SSO_Okta_03.png?alt=media&#x26;token=5addfac0-13ef-4519-9242-2b37fade7511" alt="Okta Admin console with key steps to setting up the &#x22;General Settings&#x22;."><figcaption><p>Setting up the General Settings</p></figcaption></figure>

### 2. Configure SAML

Copy the details from GoodAccess - **(2) GoodAccess links**.

#### General

* **Single Sign-On URL** - Assertion Consumer Service URL
* **Audience URI (SP Entity ID)** - Entity ID
* **Default RelayState** - Relay State
* **Name ID format** - Unspecified
* **Application username** - Email

#### Attribute Statements

| Name                     | Name format | Value      |
| ------------------------ | ----------- | ---------- |
| "email" (without quotes) | Unspecified | user.email |

Return to GoodAccess, and click **Continue**.

Return to Okta, and click **Next**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2F24UUM18KdANzMzEe6ufo%2FFeatures_SSO_Okta_04.png?alt=media&#x26;token=08591f21-e9de-48c2-be80-914804d541a2" alt="Okta Admin console with key steps to configuring SAML."><figcaption><p>Configuring SAML</p></figcaption></figure>

### 3. Feedback

Choose one of the **Feedback** options, and click **Finish**.

### 4. Setting up GoodAccess

In the application, go to **Sign On** > **SAML 2.0**, and click **More details**.

Copy the details to GoodAccess - **(3) Identity Provider links**, and click **Continue**.

* **Sign in URL** - Sign on URL
* **Entity ID** - Issuer
* **X509 signing certificate** - Signing Certificate

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FM6sesTO3YePy9cLVAhOm%2FFeatures_SSO_Okta_05.png?alt=media&#x26;token=f5aa0293-0566-4cf0-8347-174edd57e80d" alt="Okta Admin console with key steps to setting up GoodAccess."><figcaption><p>Setting up GoodAccess</p></figcaption></figure>

{% hint style="info" %}
If you don't want to set up SCIM, skip the next step in GoodAccess, and click **Submit** to finish the configuration.
{% endhint %}

You have now successfully set up your Okta SSO with GoodAccess.
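
One way to confirm the SAML settings from this step on a test sign-in, as an added example that is not part of the GoodAccess or Okta documentation: decode a captured SAML response and compare it with the values entered above. The function name, the placeholder URLs, and the exact-match comparison of the attribute name are assumptions of the example.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ATTR_UNSPEC = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
NAMEID_UNSPEC = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def check_response(xml_text, acs_url, sp_entity_id, idp_issuer):
    """List mismatches between a decoded SAML response and this guide's settings.
    Configuration check only: no signature verification; use it on your own captures."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination is not the Assertion Consumer Service URL")
    if root.findtext("saml:Assertion/saml:Issuer", "", NS).strip() != idp_issuer:
        problems.append("Issuer differs from the Entity ID entered in GoodAccess")
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if sp_entity_id not in audiences:
        problems.append("Audience does not contain the SP Entity ID")
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != NAMEID_UNSPEC:
        problems.append("Name ID format is not Unspecified")
    elif "@" not in (name_id.text or ""):
        problems.append("NameID is not an email address")
    emails = [a for a in root.iterfind(".//saml:Attribute", NS) if a.get("Name") == "email"]
    if not emails:
        problems.append("attribute 'email' is missing")
    else:
        if emails[0].get("NameFormat") != ATTR_UNSPEC:
            problems.append("attribute 'email' name format is not Unspecified")
        if not (emails[0].findtext("saml:AttributeValue", "", NS) or "").strip():
            problems.append("attribute 'email' has no value")
    return problems

# Constructed sample with placeholder URLs; the attribute is deliberately misnamed "Email".
ACS = "https://sp.example.invalid/saml/acs"
SP_ID = "https://sp.example.invalid/saml/metadata"
IDP = "https://idp.example.invalid/issuer"
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{ACS}">
 <saml:Assertion><saml:Issuer>{IDP}</saml:Issuer>
  <saml:Subject><saml:NameID Format="{NAMEID_UNSPEC}">alice@example.invalid</saml:NameID></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction><saml:Audience>{SP_ID}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement><saml:Attribute Name="Email" NameFormat="{ATTR_UNSPEC}">
   <saml:AttributeValue>alice@example.invalid</saml:AttributeValue></saml:Attribute></saml:AttributeStatement>
 </saml:Assertion></samlp:Response>"""

if __name__ == "__main__":
    print(check_response(SAMPLE, ACS, SP_ID, IDP))
```
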

## Step 3 (optional) - Setting up SCIM

In the application, go to **General** > **App Settings**, and click **Edit**.

Select **SCIM**, and click **Save**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2F6vpfUovTeq2T2FAaNY7s%2FFeatures_SSO_Okta_06.png?alt=media&#x26;token=81a7a96c-ad5d-433c-8621-34c72522490b" alt="Okta Admin console with key steps to enabling SCIM."><figcaption><p>Enabling SCIM</p></figcaption></figure>

### 1. SCIM Connection

Go to **Provisioning** > **Integration**, and click **Edit**.

Copy the **URL** and **Token** from GoodAccess - **(4) User provisioning (SCIM)**.

* **SCIM connector base URL** - URL
* **Unique identifier field for users** - "email" (without quotes)
* **Supported provisioning actions**
  * Push New Users
  * Push Profile Updates
  * Push Groups
* **Authentication Mode** - HTTP Header
* **Authorization** - Token

Return to GoodAccess, and click **Submit**.

Return to Okta, and click **Save**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FtcyUHX7FL06uJoMQZ6NI%2FFeatures_SSO_Okta_07.png?alt=media&#x26;token=3a0f3c41-0ace-43f2-9102-ec0282c7528e" alt="Okta Admin console with key steps to setting up SCIM connection."><figcaption><p>Setting up SCIM connection</p></figcaption></figure>

### 2. Provisioning to App

Go to **Provisioning** > **To App**, and click **Edit**.

**Enable**:

* Create Users
* Update User Attributes
* Deactivate Users

Click **Save** to finish the configuration.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FPYhxbk9HejIQV5QsnxdI%2FFeatures_SSO_Okta_08.png?alt=media&#x26;token=e2e9ab92-b2e7-42be-bea7-e0819f75365d" alt="Okta Admin console with key steps to setting up provisioning to app."><figcaption><p>Setting up provisioning to app</p></figcaption></figure>

### 3. (optional) Adding groups to provisioning

Go to **Push Groups**, and click **+ Push Groups** > **Find groups by name/rule**.

Find the desired group, and click **Save**.

<figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FRfVtGSHQZhuaallXSHPC%2FFeatures_SSO_Okta_09.png?alt=media&#x26;token=7cfc8262-4675-441f-9baf-7b07e4c09663" alt="Okta Admin console with key steps to adding groups to provisioning."><figcaption><p>Adding groups to provisioning</p></figcaption></figure>

{% hint style="info" %}
The whole provisioning process will take around **20 minutes** to complete, depending on the number of members and groups being added.
{% endhint %}

You have now successfully set up your Okta SCIM with GoodAccess.

## Step 4 - Managing user access

In the application, go to **Assignments**, and click **Assign** > **Assign to People/Groups**.

Choose who should have access, and click **Done**.

<div><figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FN9eLs42MQSbYGL8C4Jpw%2FFeatures_SSO_Okta_09.png?alt=media&#x26;token=fc46c180-1992-45b2-8d4b-0763d271384e" alt="Okta Admin console with key steps to managing user access."><figcaption><p>Managing user access</p></figcaption></figure> <figure><img src="https://418253935-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FiJ406Lpi9EKoWDi7GFL7%2Fuploads%2FO9tRn0bT8WgeCG1yxJ5W%2FFeatures_SSO_Okta_10.png?alt=media&#x26;token=caed7f01-6419-41d6-bcf0-684e008740b4" alt="Okta Admin console with key steps to managing user access."><figcaption><p>Managing user access</p></figcaption></figure></div>


