Skip to main content
Setting up single sign-on with OKTA
Samantha Szadovszky avatar
Written by Samantha Szadovszky
Updated over a year ago

This guide is intended for IT administrators requiring assistance with the single sign-up configuration in OKTA. Thanks to a recent update, we now provide in-platform support for setting up and managing your single sign-on configuration for OKTA.

You can refer to the in-platform instructions for setting up single sign-on using SAML in Plexus. This guide will specifically focus on the steps to follow whilst you are logged into OKTA as an administrator.


Creating an app integration


Log into OKTA and click into the menu dropdown for Applications. Select Applications again from the dropdown.

On the resulting page, click Create App Integration.

Select the SAML 2.0 option for the sign-in method from the resulting page and click Next.

Name the Plexus app and include our logo as required.

Then click Next.


Configure your SAML settings


Follow the instructions in this guide to Copy the following fields into the OKTA SAML settings section.

  • Single sign-on URL

  • Audience URI (SP Entity ID)

Leave all the other values with the defaults as shown:

  • Default RelayState: Empty

  • Name ID format: Unspecified

  • Application username: Okta username

  • Update application username on: Create and update


Mapping the attributes


You'll then need to map the Attribute Statements to the app attributes available in Plexus. These are:

  • first_name → user.firstName

  • last_name → user.lastName

  • email → user.email

  • name → user.displayName

Where Okta requests an optional "Name Format", select the dropdown option for Unspecified.


Complete the optional questions


Finish app creation by completing the optional OKTA support questions, if you wish.

Click Finish.


Finalising the configuration


Click Generate new certificate to generate your signing certificate.

Then copy and paste the following fields from Okta into the Plexus SAML configuration page to finalise your set up:

  1. Identity Provider Single Sign-On URL: Copy this field

  2. X.509 Certificate: Click Download certificate.

Paste the Identity Provider Single Sign-On URL into the equivalent field in Plexus. Then drag and drop your X.509 Certificate into the allocated area to Upload certificate as highlighted in this guide.

Then scroll to the top of the page and Click Save to finalise your changes. Click Enable SAML when you are ready to enable your single sign-on configuration.


Enforcing a user's location and permissions


Plexus currently offers user authentication, providing users access to Plexus using their single sign-on credentials. The ability to enforce a user's unit (their location) and role (their permissions) is managed in Plexus and is not facilitated by single sign-on.

Once single sign-on is configured, users can sign straight into the platform and will be given access to the default unit with the default role. This will allow your users to access the platform and use the apps straight away.

The designated platform admins will receive an email notification to assign the new users to their correct units and provision the correct roles. Any documents uploaded during this time will move with the user to their correct unit.

Need further assistance? Reach out to [email protected] for further guidance.

Did this answer your question?