Setting Up Okta SSO
This document outlines the steps required to set up Okta SSO with StepSecurity.
StepSecurity uses AWS Cognito as the service provider for the SSO experience. Please note that StepSecurity-based SSO allows login only when initiated by the service provider.
Setup Instructions
Step 1: Log in to Okta
Log in to the Okta Admin Console
Navigate to Applications > Applications from the left sidebar.

Step 2: Create App Integration
Click on Create App Integration on the Applications page.

Step 3: Choose SAML 2.0
Select SAML 2.0 as the Sign-in method, then click Next.

Step 4: Configure General Settings
On the General Settings page:
Enter the App name as StepSecurity.
Optionally, add the StepSecurity logo:
Click Next to continue.

Step 5: Configure SAML Settings
Provide the following values:
Single sign-on URL:
https://login.app.stepsecurity.io/saml2/idpresponse
SP Entity ID:
urn:amazon:cognito:sp:us-west-2_PGbAJDNzx
(Optional) For Idp initiated login we can add the Default RelayState:
identity_provider=
<IDP_NAME_IN_COGNITO>
&client_id=
<COGNITO_CLIENT_ID>
&redirect_uri=https%3A%2F%2F.stepsecurity.io%2Fauth%2Fcognito%2Fcallback&response_type=code&scope=email+openid+phone+profile

Step 6: Add Attribute Statement
Under Attribute Statements, add the following field:
email → user.email

Step 7: Add Group Attribute Statements
Scroll down to ‘Group Attribute Statements’ and add following field.
Name as ‘Groups’ and use Filter as ‘Matches regex’ with value as ‘.*’

Step 8: Save Settings
Scroll down keeping the default values, then click Next.
Step 9: Provide Feedback
Optionally, provide feedback. Then click Finish.

Step 10: Share Metadata URL
After finishing, you will see a screen displaying the Metadata URL.
Copy the Metadata URL and share it securely with the StepSecurity team.

Step 11: Assign Users
Under the Assignments tab, add users who should have access to this application.
Step 12: Confirm SSO Setup
Once StepSecurity confirms the SSO setup is complete:
Users can go to the StepSecurity login page.
Enter their email address under the Sign in with your corporate ID section.
They will then be redirected to authenticate via Okta SSO.

Step 13 (Optional): Access StepSecurity Console via Okta App
Contact us to get your RelayState value
In the Okta Admin Console, go to:
StepSecurity app → Sign On → Settings → Edit
and paste the provided value into the Default Relay State field under the SAML 2.0 section.

Last updated
Was this helpful?