Please note: Changing the login method to identity provider involves permanently deleting all existing members. Your team members will be automatically added to GoodAcces upon their first login. Currently added devices will be retained.
In case you have problem with login in with SSO (white page; Error: not_a_saml_app) try to clear your cookies and caches, then try to log in with SSO again. If the problem persists, please contact our support.

Step 1

In the GoodAccess Control Panel go to Settings, switch to the Login & Security tab and click on Okta.

Step 2

Gather the following details required in the next steps:
  • Entity ID
  • Assertion Consumer Service URL

Step 3

Go to Okta, navigate to Applications, and click Create App Integration.

Step 4

Choose SAML_2.0

Step 5

Name your app, upload a logo, and click Next.

Step 6

Fill out the SAML Settings and Attribute Statements

SAML Settings

  • Single Sign on URL - Assertion Consumer Service URL (Step 2)
  • Audience URI (SP Entity ID) - Entity ID (Step 2)
  • Default RelayState - Enter "/"
  • Name ID format - Choose "Unspecified"
  • Application username - Choose "Email"

Attribute Statements

  • Name - Enter "email"
  • Name format - Choose "Unspecified"
  • Value - Choose "user.mail"

Step 7

Choose one of the options and click Finish.

Step 8

Once you have created the new app, open its SAML configuration under the Sign-on tab.

Step 9

Gather the following details required in the next steps:
  • Identity Provider Single Sign-On URL
  • Identity Provider Issuer
  • Download certificate

Step 10

In the GoodAccess Control Panel enter the details from previous step as follows:
  • Sign in URL - Identiy Provider Single Sign-ON URL (Step 9)
  • Entity ID - Identity Provider Issuer (Step 9)
  • X509 Signin certificate - upload certificate (Step 9)

Step 11

You can now connect with Okta SSO.