Setting Up Okta SSO

This document outlines the steps required to set up Okta SSO with StepSecurity.

StepSecurity uses AWS Cognito as the service provider for the SSO experience. Please note that StepSecurity-based SSO allows login only when initiated by the service provider.

Setup Instructions

Step 1: Log in to Okta

  • Log in to the Okta Admin Console.

  • Navigate to Applications > Applications from the left sidebar.

Step 2: Create App Integration

  • Click on Create App Integration on the Applications page.

Step 3: Choose SAML 2.0

  • Select SAML 2.0 as the Sign-in method, then click Next.

Step 4: Configure General Settings

  • On the General Settings page:

  • Click Next to continue.

Step 5: Configure SAML Settings

  • Provide the following values:

    • Single sign-on URL:

      https://login.app.stepsecurity.io/saml2/idpresponse

    • SP Entity ID:

      urn:amazon:cognito:sp:us-west-2_PGbAJDNzx

  • (Optional) For IdP-initiated login, add the following Default RelayState:

identity_provider=<IDP_NAME_IN_COGNITO>&client_id=<COGNITO_CLIENT_ID>&redirect_uri=https%3A%2F%2F.stepsecurity.io%2Fauth%2Fcognito%2Fcallback&response_type=code&scope=email+openid+phone+profile

Step 6: Add Attribute Statement

  • Under Attribute Statements, add the following field:

    • email → user.email

Step 7: Add Group Attribute Statements

  • Scroll down to ‘Group Attribute Statements’ and add the following field:

    • Set Name to ‘Groups’, set Filter to ‘Matches regex’, and set the value to ‘.*’

Step 8: Save Settings

  • Scroll down, keeping the default values, then click Next.

Step 9: Provide Feedback

  • Optionally, provide feedback. Then click Finish.

Step 10: Share Metadata URL

  • After finishing, you will see a screen displaying the Metadata URL.

  • Copy the Metadata URL and share it securely with the StepSecurity team.

Step 11: Assign Users

  • Under the Assignments tab, add users who should have access to this application.

Step 12: Confirm SSO Setup

Once StepSecurity confirms the SSO setup is complete:

  • Users can go to the StepSecurity login page.

  • Enter their email address under the Sign in with your corporate ID section.

  • They will then be redirected to authenticate via Okta SSO.

Step 13 (Optional): Access StepSecurity Console via Okta App

  • Contact us to get your RelayState value.

  • In the Okta Admin Console, go to:

    StepSecurity app → Sign On → Settings → Edit

    and paste the provided value into the Default Relay State field under the SAML 2.0 section.
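
Before pasting a Default RelayState (Step 5 and Step 13), it can be checked against the template shown in Step 5. The script below is an added example, not StepSecurity's or Okta's code; the function name check_relay_state, the strictness of the checks, and the sample IdP name, client ID and host are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Parameter names and fixed values are taken from the RelayState template in Step 5;
# treating them as strict requirements is an assumption of this example.
REQUIRED = ("identity_provider", "client_id", "redirect_uri", "response_type", "scope")
EXPECTED_SCOPES = {"email", "openid", "phone", "profile"}
CALLBACK_PATH = "/auth/cognito/callback"
HOST_SUFFIX = ".stepsecurity.io"


def check_relay_state(relay_state: str) -> list[str]:
    """Return the problems found in a Default RelayState string (empty list = OK)."""
    try:
        params = parse_qs(relay_state, keep_blank_values=True, strict_parsing=True)
    except ValueError as exc:
        return [f"not a valid query string: {exc}"]
    problems = []
    for key in REQUIRED:
        values = params.get(key, [])
        if len(values) != 1:
            problems.append(f"{key}: expected exactly one value, found {len(values)}")
        elif not values[0] or "<" in values[0] or ">" in values[0]:
            problems.append(f"{key}: empty or still a <PLACEHOLDER>")
    if problems:
        return problems  # later checks need every field present and filled in
    redirect = urlsplit(params["redirect_uri"][0])
    host = redirect.hostname or ""
    if redirect.scheme != "https":
        problems.append("redirect_uri: must use https")
    # Suffix match on the parsed hostname, with a non-empty label in front of it.
    if not host.endswith(HOST_SUFFIX) or host.startswith("."):
        problems.append(f"redirect_uri: unexpected host {host!r}")
    if redirect.path != CALLBACK_PATH:
        problems.append(f"redirect_uri: unexpected path {redirect.path!r}")
    if params["response_type"][0] != "code":
        problems.append("response_type: must be 'code'")
    missing = EXPECTED_SCOPES - set(params["scope"][0].split())
    if missing:
        problems.append(f"scope: missing {sorted(missing)}")
    return problems


if __name__ == "__main__":
    # Constructed sample: IdP name, client ID and host are made-up placeholders.
    sample = ("identity_provider=ExampleOkta&client_id=example-client-id"
              "&redirect_uri=https%3A%2F%2Fconstructed-host.stepsecurity.io"
              "%2Fauth%2Fcognito%2Fcallback&response_type=code"
              "&scope=email+openid+phone+profile")
    print(check_relay_state(sample) or "RelayState looks consistent")
```

An empty result means the value is consistent with the template; it does not confirm that the IdP name or client ID match what is configured in Cognito.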
