Single Sign-On for Okta

How to Set Up Single Sign-On For Okta

Creating the App in Okta

  1. Log in to your Okta account.

  2. In the sidebar click to expand the Applications menu > click Application.

  3. Click Create App Integration.


  4. In the popup box, select SAML 2.0 > Next.

    Note: Okta includes a preconfigured Bluescape enterprise application in their Applications list. It would help if you did not use it as it is not configured correctly for the current release.

  5. On the Create SAML Integration screen, enter the app name and click Next.


  6. The SAML settings screen opens. Complete the following substeps:
    a. Enter the following in the Single sign-on URL field:


    Note: The final part of the URL–acs_id – is only a placeholder. It updates later with the actual ID of the SAML provider after the provider is added in Bluescape.

    b. Enter the following in the Audience URI (SP Entity ID) field.

    Note: The final part of the URL– customer_saml_provider_name – is only a placeholder. It updates later with the actual ID of the SAML provider after the provider is added in Bluescape.

    c. Leave the Default RelayState field blank.

    d. Set the Name ID format field to Email Address.

    e. Set the Application username field to Email.

    f. Leave the Update application username on field unchanged.


  7. Scroll down to the Attribute Statements section and enter the following four attributes to provision users on Bluescape:


    Name Name Format Value
    User.FirstName Unspecified user.firstName
    User.LastName Unspecified user.lastName
    User.Email Unspecified
    user_guid Unspecified

    Note on user_guid: If you choose to use a value other than, the value must be unique for each user and unchangeable, even if the user’s email changes.

  8. Click Next.

  9. (Optional) In the final section of the screen, provide feedback to Okta.

  10. To complete this stage of the setup, click Finish.
    Grabbing the Metadata URL to Provide Bluescape Support

  11. On the Sign-On screen that opens, scroll down to the SAML Signing Certificates.

  12. Click on Actions for the active certificate to open the actions dropdown.


  13. Select View ldP metadata.

  14. A new browser tab opens. Copy the URL and provide it to Bluescape Support.
    The link should be similar to the following example:

Updating the App Login URL’s in Okta

  1. Bluescape Support creates a new SAML provider and sends you its ID.

  2. At the top of the section, click the General tab.

  3. Scroll down to the SAML Settings field and click Edit.

  4. On the General Settings screen that opens, click Next.

  5. In the Single sign-on URL and Audience URI (SP Entity ID), replace the placeholder value, which is currently ID, with the ID you got from Bluescape Support in Step 15.
    Single sign-on URL = ASC URL
    Audience URI (SP Entity ID) = Entity ID URL

Now, go try it in your workspace! :bluescape_home:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.