- For new and existing Spekit customers that are looking to connect SSO/SCIM
- Login to Spekit
- Click Connect
- Click Connect with SSO/SCIM
- Follow the instructions (they should be similar to what's described below)
1) Log in to Okta
2 ) Go to the admin dashboard
3 ) Select "Applications" in the navigation bar
NOTE: These Okta screenshots reflect the new Okta Admin UI, Okta plans to deprecate the Classic UI in October 2021.
- If your application is already created, select it from the list of applications and move to Step 7
- If you haven't created a SAML application in Okta
1 ) Select "Create App Integration"
1 ) Select "Create New App"
2 ) Select "SAML 2.0" as a Sign on method
3 ) Click "Next"
4 ) Enter a descriptive App name
5 ) Click "Next"
1 ) Input the ACS URL from the WorkOS page as both the "Single sign on URL" and the "Audience URI (SP Entity ID)"
2 ) Scroll down to the "Attribute Statements" section
3 ) Use the "Add Another" button to add the following key-value pairs
4 ) Click "Next"
- id -> user.id
- email -> user.email
- firstName -> user.firstName
- lastName -> user.lastName
1 ) Select "I'm an Okta customer adding an internal app" from the options menu
2 ) Complete the form with any comments
3 ) Click "Finish"
- To give users permission to authenticate via this SAML app
- You will need to assign individual users and/or groups of users to the Okta SAML app
1 ) Click the "Assignments" tab
2 ) Select either "Assign to People" or "Assign to Groups"
3 ) Find the individual user(s) and/or group(s) that you would like to assign to the app
4 ) Click "Assign" next to them
5 ) Click "Done"
1 ) Select "Sign On" from the application tabs
2 ) Click "View Setup Instructions" in Sign On
1 ) Copy and paste the "Identify Provider Single Sign-On URL" into the IdP SSO URL field
2 ) Copy and paste the "Identity Provider Issuer" into the IdP URI (Entity ID) field
3 ) Select "Download certificate" to obtain the X.509 Certificate
4 ) Save it to your preferred directory
1 ) Upload the X.509 Certificate in your WorkOS Connection Settings
- Your Connection will then be verified and good to go!
You may need to rename the downloaded X.509 certificate from okta.cert to okta.cer.
Please see the next steps in the Okta configuration process How to Connect Okta SCIM to Spekit