SAML SSO: Okta integration

Use Okta to authenticate users

In this tutorial you will see how you can integrate Tability with Okta.

1. Enable SSO via SAML in Tability

Go to your workspace settings in Tability. Go to the SSO screen and select SAML SSO as the authentication method.

Enable SSO

Keep this screen open, we'll need it later.

2. Add a new application for Tability in Okta

Open a new tab and go to your Okta account. Make sure that you switch to the Classic UI view.

Switch to the Classic UI

Go the Applications section and click on Add Application to create a new application for Tability.

Add app

In the next screen, select Create New App.

Create a new application

Leave Web as the platform and select SAML 2.0 as the Sign on method.

Create a SAML application

3. Configure SAML in Okta

Edit the Basic SAML configuration, and copy the value from your workspace SSO settings in Tability.

  • Single sign on URL: copy the value of the SP Consumer URL: (https://auth.tability.io/saml/consume/<workspace>)
  • Audience URI (SP Entity ID): copy the value of the SP Entity ID (https://auth.tability.io/saml/metadata/<workspace>)

Configure SAML

Save the settings

4. Configure SAML in Tability

In Okta, click on the button View Setup Instructions in the Sign On tab of your application settings.

View setup instructions

Copy the values of the Identity Provider Single Sign On URL and the X.509 Certificate from Okta.

View setup instructions

Copy the content of the certificate, including the BEGIN CERTIFICATE and END CERTIFICATE to the IDP certificate field in Tability.

Copy the Sign On URL from Okta, and paste the URL into the IDP SSO URL field in Tability.

Copy Okta params to Tability

Clikc on Update to save the settings.

Sign in via Okta to finalize your configuration.

Once SAML is activated, it will be the only authentication method for your workspace. Make sure that your admin account in Tability is associated to a user in Okta, otherwise you might lose access to your workspace settings.

To finalize the integration you need to sign in once via SAML SSO to validate your configuration.

Sign in to activate SSO via SAML

Click on the Log in via SSO to sign in.