# Setting Up Okta SSO

This document outlines the steps required to set up Okta SSO with StepSecurity.

**You can follow this interactive demo to get started with setting up Okta SSO:**

{% embed url="<https://app.storylane.io/share/zk8kh3vae0go>" %}

### Setup Instructions

#### Step 1: Configure SAML Settings

* In the StepSecurity App, navigate to Admin Console → Security & Auth → Configure SSO → Okta

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FTQYo1CxOfzPHUC8vlEVJ%2FScreenshot%202025-11-12%20at%2014.25.50.png?alt=media&#x26;token=bfe03995-dc4c-4202-bd8d-03011a804ba8" alt=""><figcaption></figcaption></figure>

* Copy the values displayed here

#### Step 2: Log in to Okta

* Log in to the Okta Admin Console
* Navigate to Applications > Applications from the left sidebar.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FqwCL3RRJlTg3FU9mfq5x%2FScreenshot%202025-03-26%20at%208.33.09%E2%80%AFPM.png?alt=media&#x26;token=559dd8d8-be14-44f6-8956-2a7cf5b7c7f9" alt="" width="324"><figcaption></figcaption></figure>

#### Step 3: Create App Integration

* Click on Create App Integration on the Applications page.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FFa33HneC5e3LOQa7o77y%2FScreenshot%202025-03-26%20at%208.36.37%E2%80%AFPM.png?alt=media&#x26;token=a010a4bc-ff7c-4d46-9144-b456a6939ee1" alt=""><figcaption></figcaption></figure>

#### Step 4: Choose SAML 2.0

* Select SAML 2.0 as the Sign-in method, then click Next.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FeYGJVG8RxmsaBLt2vZaK%2FScreenshot%202025-03-26%20at%208.39.12%E2%80%AFPM.png?alt=media&#x26;token=b7ced993-f89e-4295-94af-e551f318d7ff" alt=""><figcaption></figcaption></figure>

#### Step 5: Configure General Settings

* On the General Settings page:
  * Enter the App name as StepSecurity.
  * Optionally, add the StepSecurity logo:

    [StepSecurity Logo Link](https://stepsecurity-public-media.s3.us-west-2.amazonaws.com/media/step-security-logo.png)
* Click Next to continue.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FhhVJziWou90mOrhHRTbI%2FScreenshot%202025-03-26%20at%208.42.45%E2%80%AFPM.png?alt=media&#x26;token=bf22f9f8-b57b-4098-bf9a-4ad33ad646e1" alt=""><figcaption></figcaption></figure>

#### Step 6: Configure SAML Settings

* Paste the values you obtained from the StepSecurity App into the corresponding fields in Okta

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FUk7WuxwpBD30oLb3AQeA%2FScreenshot%202025-03-26%20at%208.52.57%E2%80%AFPM.png?alt=media&#x26;token=d9ea37d5-15f9-4164-aa57-77a94b453e58" alt=""><figcaption></figcaption></figure>

#### Step 6: Add Attribute Statement

* Under Attribute Statements, add the following field:
  * email → user.email

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FnLafEaNPynQD1QZP5uCB%2FScreenshot%202025-03-26%20at%209.06.02%E2%80%AFPM.png?alt=media&#x26;token=22af76a4-bf2f-4ad3-9e6f-f2d6b6fc9ee3" alt=""><figcaption></figcaption></figure>

#### Step 7: Add Group Attribute Statements

* Scroll down to ‘Group Attribute Statements’ and add the following field:
  * Set Name as ‘Groups’
* We recommend creating dedicated Okta groups for StepSecurity, such as `StepSecurity-Administrators` and `StepSecurity-Auditors`. Follow the instructions below to set them up:

<details>

<summary><strong>How to Set Up StepSecurity Okta Groups</strong></summary>

1. Navigate to the Admin Console in your Okta dashboard and select Groups

![](https://colony-recorder.s3.amazonaws.com/files/2026-01-06/6bbe7362-3052-45b1-838d-0031b36209a4/ascreenshot_f14a324afdf449d7848b6dea7dc8d83f_text_export.jpeg)

2. Click "Add group"

![](https://colony-recorder.s3.amazonaws.com/files/2026-01-06/26f134b6-2763-4282-8734-8cf28604af70/ascreenshot_9fef4a89c64b4368aede2ffa58693a6e_text_export.jpeg)

3. Enter `StepSecurity-Auditors` as the group name. (Usually two groups should be created; `StepSecurity-Administrators` is the second one.)

![](https://colony-recorder.s3.amazonaws.com/files/2026-01-06/c2457df7-b0f2-44dd-b33b-ee1e8a195346/ascreenshot_7c6851f1e6694652975698d7cd41b5c7_text_export.jpeg)

4. Click "Submit"

![](https://colony-recorder.s3.amazonaws.com/files/2026-01-06/c587c465-86ba-45c5-99b0-298bcd8b3d3e/ascreenshot_e4d77be07b4344d4915190fcd5d70623_text_export.jpeg)

5. Repeat the same steps to create `StepSecurity-Administrators`

![](https://colony-recorder.s3.amazonaws.com/files/2026-01-06/8dc72129-3616-4000-b5c4-14647ddd5f09/ascreenshot_a42b65db568c4df099c138ab273d04ca_text_export.jpeg)

6. To add users to a group, select the group and click Assign people

![](https://colony-recorder.s3.amazonaws.com/files/2026-01-06/370de5bb-9b3d-41b0-95d8-a952a1c708cd/ascreenshot_8b105429ba544e9aaa49a8b5f2414198_text_export.jpeg)

</details>

* Choose Matches regex and enter this regex: `.*StepSecurity.*`

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FmbXNgCjbGbuloNch2Wds%2FScreenshot%202026-01-06%20at%2016.39.36.png?alt=media&#x26;token=21220ae4-ba3f-409e-be16-c98342658ef0" alt=""><figcaption></figcaption></figure>

{% hint style="danger" %}
**You should only pass specific groups to the StepSecurity platform. If the app passes all group memberships, it may exceed the maximum request body size.**
{% endhint %}

* This enables StepSecurity’s SCIM-like functionality — for example, you can use Okta groups and map them to roles in the StepSecurity dashboard.
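
To confirm that the assertion Okta sends carries the `email` and `Groups` attributes configured above, and that the regex filter passes only the groups you intended, you can inspect a captured assertion. This is an added example, not StepSecurity or Okta code; the sample assertion, the `Legacy-StepSecurity-Contractors` group and the function names are constructed, and the check looks at attributes only (it does not validate the signature).

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUP_FILTER = re.compile(r".*StepSecurity.*")  # regex entered in Step 7
# Assumption: these are the only groups you planned to send to StepSecurity.
EXPECTED_GROUPS = {"StepSecurity-Administrators", "StepSecurity-Auditors"}

# Constructed sample: the AttributeStatement of a decoded SAML assertion.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="Groups">
    <saml:AttributeValue>StepSecurity-Auditors</saml:AttributeValue>
    <saml:AttributeValue>Legacy-StepSecurity-Contractors</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def read_attributes(xml_text):
    """Return {attribute name: [values]} for every saml:Attribute found."""
    root = ET.fromstring(xml_text)
    attrs = {}
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def check_statement(xml_text):
    """List configuration problems; an empty list means the statement looks right."""
    attrs = read_attributes(xml_text)
    problems = []
    if len(attrs.get("email", [])) != 1:
        problems.append("expected exactly one 'email' value")
    groups = attrs.get("Groups")
    if groups is None:
        problems.append("no 'Groups' attribute found")
        groups = []
    for g in groups:
        if not GROUP_FILTER.fullmatch(g):
            problems.append(f"group outside the Step 7 filter: {g}")
        elif g not in EXPECTED_GROUPS:
            problems.append(f"filter matched an unplanned group: {g}")
    return problems


if __name__ == "__main__":
    for p in check_statement(SAMPLE):
        print("WARN:", p)
```

Because the regex is unanchored around `StepSecurity`, any Okta group whose name contains that string is passed along, which is what the constructed `Legacy-StepSecurity-Contractors` entry illustrates.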

#### Step 8: For IdP-Initiated Login (Optional)

* In the Okta Admin Console, navigate to StepSecurity app → Sign On → Settings → Edit, then paste the Default Relay State value (copied from the StepSecurity App) into the SAML 2.0 section **(for IdP-initiated login)**

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2Fr6Rwbx5rv79mvSvmdlI8%2FScreenshot%202025-07-03%20at%202.19.08%E2%80%AFPM.png?alt=media&#x26;token=1f0ab530-9055-4c8e-9f0f-02ceb0bda654" alt=""><figcaption></figcaption></figure>

#### Step 9: Assign User to Application

* Ensure you are added to the Okta application as a user so you can access it.
* To do this, go to the Applications section, click "Assign Users to App", select both the application and the user you want to assign, then confirm the assignment.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FDr8o3cDZ1jfWsqp9LR4d%2FScreenshot%202025-11-30%20at%2005.45.06.png?alt=media&#x26;token=8e7f7a82-a9aa-40e0-821a-0a027c7ae8ac" alt=""><figcaption></figcaption></figure>

#### Step 10: Save Settings

* Scroll down, keeping the default values, then click Next.

#### Step 11: Share Metadata URL

* After finishing, you will see a screen displaying the Metadata URL. Copy this URL.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2F7CBHRuxFckskoY4934yG%2FScreenshot%202025-03-26%20at%209.57.27%E2%80%AFPM.png?alt=media&#x26;token=6103f6bb-aa61-4aee-ae69-15610b57f9f9" alt=""><figcaption></figcaption></figure>

* In the StepSecurity App, share the Email Domains and the Metadata URL obtained from the Okta app, then submit the configuration. Ping the StepSecurity team on Slack or email, then wait for the StepSecurity Operations Team to update your tenant.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FkSoM58tjSPUVhsxVrrUn%2FScreenshot%202025-11-12%20at%2014.34.18.png?alt=media&#x26;token=dae6f0df-381c-4b1c-8e30-c9e464721cea" alt=""><figcaption></figcaption></figure>

#### Step 12: Confirm SSO Setup

* On the StepSecurity → Security & Auth page, you can test your SSO integration.
* To verify that the SSO flow is working, follow these steps:
  * Authorize your email address for SSO access: Navigate to the Admin Console -> Members and click "Add Members".
  * Select SSO as the Authentication Type and add your email as an authorized member.
  * Log out of your current StepSecurity session.
  * Go to `https://app.stepsecurity.io/login` and log in using SSO.
  * Confirm that you can successfully access the dashboard.
* For additional confirmation, go to Admin Console → Security & Auth, then in Step 3 of the Okta SSO configuration, click "Run SSO Test". Verify that all checks on the test page pass successfully.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FLeLebA3ZsNtka9o6rEMS%2FScreenshot%202025-12-02%20at%2000.34.08.png?alt=media&#x26;token=b16acb09-afa9-44cc-8d6c-868473324eab" alt=""><figcaption></figcaption></figure>

#### Step 13: Add Members

{% hint style="info" %}
**Important**: If any changes are made to SSO group membership in Okta (for example, adding or removing a user from a group), the affected user must log out and log back into StepSecurity for the updated group access and role mappings to take effect immediately. Otherwise, the change will be reflected once the SSO session is renewed.
{% endhint %}

Every SSO identity must be explicitly authorized in the StepSecurity dashboard. You can do this in two different ways:

* Authorize Individual users
* Authorize Okta groups

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2F0Gtk8FNBuunega7gTv9V%2FScreenshot%202025-11-21%20at%2014.12.55.png?alt=media&#x26;token=28ee9f18-a405-474d-a15a-d36bf96a0360" alt=""><figcaption></figcaption></figure>

**To authorize individual users:**

* The user must also be explicitly authorized to access the Okta application, either by assigning the user directly to the app or by assigning a group the user belongs to.

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FOrjL0slMVu5qWI5Wdlbz%2FScreenshot%202025-11-30%20at%2006.21.26.png?alt=media&#x26;token=c16ec2f6-3241-406c-9894-aedc9ac2cf72" alt=""><figcaption></figcaption></figure>

* Once the user is authorized in Okta, navigate to Admin Console -> Members in your StepSecurity dashboard

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FGGXqrFtZvhBWQ00FXDMo%2FScreenshot%202025-12-01%20at%2013.11.34.png?alt=media&#x26;token=9b74a1ea-6549-4244-be12-aa5e30834315" alt=""><figcaption></figcaption></figure>

* Click "Add Members" and select the SSO option
* Add the user's email address

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FkTW91j3VEFQ5s9Sdo1ZC%2FScreenshot%202025-12-01%20at%2013.12.46.png?alt=media&#x26;token=a9584436-5d3f-4585-91d6-0faa051d2a74" alt=""><figcaption></figcaption></figure>

**To authorize Okta groups:**

* Ensure that the Okta group is authorized to use the Okta application

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FjgA5mUoY00umo4G8DnzM%2FScreenshot%202025-11-30%20at%2006.20.11.png?alt=media&#x26;token=be730de0-be5c-4f2b-a0d6-00e997a272a5" alt=""><figcaption></figcaption></figure>

* Once the group is authorized in Okta, navigate to Admin Console -> Members in your StepSecurity dashboard
* Click "Add Members" and select the SSO Group option
* Add the SSO group

<figure><img src="https://754495266-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FQJRZY4cfEeY3I7DXTOCp%2Fuploads%2FyBO8u3iq3aARh2g3ChuA%2FScreenshot%202025-12-01%20at%2013.23.53.png?alt=media&#x26;token=7e57375f-24ef-476f-9569-1bdbcb936f20" alt=""><figcaption></figcaption></figure>

For more details on adding members to your StepSecurity dashboard, visit this [documentation](https://docs.stepsecurity.io/admin-console/members).


