Back to SSO Setup Options

Setting up SAML SSO with Okta

Follow these steps to configure Okta as your SAML identity provider for Atticus.

Note: These instructions cover the basic setup only. Your organisation may have different requirements or specific security policies. If you need assistance or have questions about your specific setup, please reach out to your Atticus account manager or our support team.
Step 1

Create new Okta Application

Begin by logging into your Okta Admin Console. Once you're logged in, navigate to ApplicationsApplications in the left-hand menu. From there, click the Create App Integration button to start the setup process. When prompted to choose a sign-on method, select SAML 2.0 and click Next to continue.

Okta create app type selection modal showing SAML 2.0 option

Enter an App name such as "Atticus" to identify the application in your Okta dashboard, then click Next to proceed to the SAML configuration.

Okta app integration general settings page
Step 2

Configure SAML Settings

On the SAML Settings page, you'll need to enter the connection details provided by Atticus.

For Single sign-on URL, enter the Reply/ACS URL provided by Atticus (e.g., https://app.atticus.tech/api/v1/auth/sso/saml/callback/4aedd0de-48ce-4c70-9d11-2c7156e6df80). Make sure the checkbox Use this for Recipient URL and Destination URL is checked.

For Audience URI (SP Entity ID), enter the Entity ID (e.g., https://app.atticus.tech).

For Name ID format, select Persistent. For Application username, set it to Custom and use user.getInternalProperty("id"). This sends Okta's internal user ID as the Name ID, which is a stable, persistent identifier that will never change — even if a user's name or email is updated.

Okta SAML configuration page showing Single sign-on URL and Audience URI fields
Step 3

Configure Attribute Statements

Next, you'll configure the user attributes that Okta will send to Atticus during authentication. These attributes allow Atticus to identify and authenticate users properly. Scroll down to the Attribute Statements section.

Add user attributes by clicking Add Another to create new rows, then enter the following attributes. These determine what user information Okta sends to Atticus:

  • first (user's given name): user.firstName
  • last (user's surname): user.lastName
  • email (user's email address): user.email

Optional: If you would like to send an Employee ID, Salary ID, or other organisational identifier to Atticus, you can add it as an additional attribute statement. For example:

  • employeeId (employee identifier): user.employeeNumber

Consult with your Atticus account manager if you would like to include additional identifiers.

Refer to the screenshot below for a complete example of the configured attributes:

Okta attribute statements configuration showing first, last, and email attributes

After entering all attributes, click Next to continue to the feedback page.

Step 4

Complete Application Setup

On the Application Feedback page, you can optionally provide information about how you're using the application. This step is not required for the integration to work.

You can leave the fields blank or fill them in based on your preferences, then click Finish to complete the application creation.

Okta feedback page for app integration
Step 5

Share Metadata with Atticus

The Okta application for Atticus is now configured! The final step is to provide the SAML metadata to Atticus.

In the Sign On tab of your application, locate the Metadata details section. You'll find a Metadata URL link.

Copy this URL and send it to your Atticus account manager or the Atticus platform team. Alternatively, you can click the URL to view the XML metadata and download it as a file to share.

Okta metadata details section showing the Metadata URL
Setup Complete! Your Okta SAML SSO is now configured. Once the Atticus team completes the configuration, users will be able to sign in using their Okta credentials.