# Okta Setup

{% hint style="warning" %}
Before continuing, make sure this user is an Okta admin for the organization and that a SAML Config has been created in the Integration Gateway environment.
{% endhint %}

### Create the Integration Gateway application in Okta <a href="#oktasso-basicsetuphowto-createtheglyueapplicationinokta" id="oktasso-basicsetuphowto-createtheglyueapplicationinokta"></a>

From the Okta dashboard, find **Applications** on the left-hand panel and select **Applications** under it.

<figure><img src="/files/VF441xneVxfr7E4TSfwf" alt=""><figcaption></figcaption></figure>

Click the **Create App Integration** button.

<div data-full-width="false"><figure><img src="/files/Xq1c0L0NH2mlu9yo6bth" alt=""><figcaption></figcaption></figure></div>

Select **SAML 2.0** and click **Next**.

<figure><img src="/files/4npUDA36Hjo23KOT68j9" alt=""><figcaption></figcaption></figure>

Give the app a name. We suggest something like Integration Gateway **DEV**, Integration Gateway **PROD**, etc. Click **Next**.

<figure><img src="/files/LJX2uFyQs1NUq1KXDqLy" alt=""><figcaption></figcaption></figure>

### Provide Integration Gateway's SAML info to Okta <a href="#oktasso-basicsetuphowto-provideglyuessamlinfotookta" id="oktasso-basicsetuphowto-provideglyuessamlinfotookta"></a>

{% hint style="info" %}
The Integration Gateway environment SAML metadata will be required for the next step.

Integration Gateway always serves its metadata at `https://` (custom domain) `/sso/saml2/metadata/`. If this user is also an Integration Gateway administrator, the metadata URL will be displayed on the **Admin** site under **SAML Configs**.
{% endhint %}

#### **Single sign-on URL** <a href="#oktasso-basicsetuphowto-singlesign-onurl" id="oktasso-basicsetuphowto-singlesign-onurl"></a>

In the XML document, locate an element named `AssertionConsumerService` and copy the URL from its `Location` attribute (do not include the surrounding `"` characters).

<figure><img src="/files/pnmKybhcDHakjKgR7xad" alt=""><figcaption></figcaption></figure>

In most cases this will be `https://`\[domain]`/sso/saml2/acs/`.

#### **Audience URI (SP Entity ID)** <a href="#oktasso-basicsetuphowto-audienceuri-spentityid" id="oktasso-basicsetuphowto-audienceuri-spentityid"></a>

In the XML document, locate the first `EntityDescriptor` element and copy the value of its `entityID` attribute (do not include the surrounding `"` characters). In most cases this will be the same as the URL of Integration Gateway's metadata.

<figure><img src="/files/jdiUVNOQsstSN8ki4x03" alt=""><figcaption></figcaption></figure>

<div data-full-width="false"><figure><img src="/files/wnng8uPKbWlHxr6jBoqW" alt=""><figcaption></figcaption></figure></div>
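The two lookups above can also be done with a script instead of by eye. The following is an added example, not Sandbox Banking's own code: the function name `okta_saml_values`, the sample metadata and the `gateway.example.com` domain are constructed placeholders, and the HTTP-POST binding filter and HTTPS check are assumptions added here as sanity checks.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; gateway.example.com is a placeholder domain.
SAMPLE_METADATA = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://gateway.example.com/sso/saml2/metadata/">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://gateway.example.com/sso/saml2/acs/"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def okta_saml_values(metadata_xml):
    """Return (single_sign_on_url, audience_uri) from SP metadata XML."""
    root = ET.fromstring(metadata_xml)
    # The first EntityDescriptor is either the root or nested in a wrapper.
    if root.tag == f"{{{MD}}}EntityDescriptor":
        entity = root
    else:
        entity = root.find(f".//{{{MD}}}EntityDescriptor")
    if entity is None or not entity.get("entityID"):
        raise ValueError("no EntityDescriptor with an entityID attribute")
    # Assumption: only HTTP-POST endpoints are candidates for the Okta field.
    acs_urls = [
        acs.get("Location")
        for acs in entity.iter(f"{{{MD}}}AssertionConsumerService")
        if acs.get("Binding") == HTTP_POST and acs.get("Location")
    ]
    if not acs_urls:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    # Assertions are posted to this URL, so refuse anything that is not HTTPS.
    if urlparse(acs_urls[0]).scheme != "https":
        raise ValueError(f"ACS URL is not HTTPS: {acs_urls[0]}")
    return acs_urls[0], entity.get("entityID")


if __name__ == "__main__":
    sso_url, audience = okta_saml_values(SAMPLE_METADATA)
    print("Single sign-on URL:         ", sso_url)
    print("Audience URI (SP Entity ID):", audience)
```

To use it against a real environment, save the metadata document served by Integration Gateway to a file and pass its contents to the function in place of `SAMPLE_METADATA`.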

#### **Attribute Statements** <a href="#oktasso-basicsetuphowto-attributestatements" id="oktasso-basicsetuphowto-attributestatements"></a>

Although the Okta wizard says it is optional, it is actually necessary. Add an attribute called `email`, with `URI Reference` for its **Name format**. Select `user.email` as the **Value**.

<figure><img src="/files/bo6AehWNzF7NDRPDuQN5" alt=""><figcaption></figcaption></figure>

Click **Next**, provide feedback to Okta if so inclined, and click **Finish**.

### Get the Okta metadata for Integration Gateway <a href="#oktasso-basicsetuphowto-gettheoktametadataforglyue" id="oktasso-basicsetuphowto-gettheoktametadataforglyue"></a>

From the **Applications** screen, click the newly created application and go to the **Sign On** tab.

Under **Settings** > **Sign on methods** > **SAML 2.0** > **Metadata details**, grab the **Metadata URL**.

<figure><img src="/files/blwTkcVyTgrPU2Cc6xOU" alt=""><figcaption></figcaption></figure>

This will be needed on the Integration Gateway side, when adding this Okta environment as an IdP. If this user is not an Integration Gateway admin, please provide the URL to a Sandbox Banking employee.

{% hint style="warning" %}

#### Lastly… <a href="#oktasso-basicsetuphowto-lastly" id="oktasso-basicsetuphowto-lastly"></a>

Don’t forget to assign users or groups to the new Okta application; otherwise they won’t be able to authenticate with Integration Gateway via Okta SSO.
{% endhint %}


