Skip to content

Okta Workforce Identity SAML setup#

Set up SAML SSO in Ensemble with Okta.

Prerequisites#

You need an Okta Workforce Identity account, and the redirect URL and entity ID from Ensemble's SAML settings.

Okta Workforce may enforce two factor authentication for users, depending on your Okta configuration.

Read the Set up SAML guide first.

Setup#

  1. In your Okta admin panel, select Applications > Applications.
  2. Select Create App Integration. Okta opens the app creation modal.
  3. Select SAML 2.0, then select Next.
  4. On the General Settings tab, enter Ensemble as the App name.
  5. Select Next .
  6. On the Configure SAML tab, complete the following General fields:
    • Single sign-on URL: the Redirect URL from Ensemble.
    • Audience URI (SP Entity ID): the Entity ID from Ensemble.
    • Default RelayState: leave this empty.
    • Name ID format: EmailAddress.
    • Application username: Okta username.
    • Update application username on: Create and update.

  7. Create Attribute Statements:

    Name Name format Value
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstname URI Reference user.firstName
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/lastname URI Reference user.lastName
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn URI Reference user.login
    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress URI Reference user.email

  8. Select Next. Okta may prompt you to complete a marketing form, or may take you directly to your new Ensemble Okta app.

  9. Assign the Ensemble app to people:
    1. On the Ensemble app dashboard in Okta, select Assignments.
    2. Select Assign > Assign to People. Okta displays a modal with a list of available people.
    3. Select Assign next to the person you want to add. Okta displays a prompt to confirm the username.
    4. Leave the username as email address. Select Save and Go Back.
    5. Select Done.
  10. Get the metadata XML: on the Sign On tab, copy the Metadata URL. Navigate to it, and copy the XML. Paste this into Identity Provider Settings in Ensemble.
  11. Select Save settings.
  12. Select Test settings. Ensemble opens a new tab. If you're not currently logged in, Okta prompts you to sign in. Ensemble then displays a success message confirming the attributes returned by Okta.