# Enable SSO With Okta as the Identity Provider

{% hint style="danger" %}
Single sign-on can be purchased with an Enterprise license.
{% endhint %}

Enabling single sign-on (SSO) for your domain within FeedOtter allows your Users to easily and securely log in to their accounts. This article will help you get set up if your IdP is Okta. For more general information on adding and using SSO with FeedOtter, check out Enable SSO in Your Account.

### Overview <a href="#steps" id="steps"></a>

Here are the steps that need to be completed to set up SAML login with Okta and FeedOtter.

1. Create Okta FeedOtter App
2. Assign Okta users to FeedOtter Okta app
3. Enter Okta settings into your FeedOtter admin
4. Test SSO login

FeedOtter user accounts will automatically be created upon first login by a verified Okta FeedOtter user.

### Create An Okta FeedOtter Application <a href="#steps" id="steps"></a>

1. Log in to your FeedOtter account using the OWNER user. **You must be the FeedOtter Account Owner to set up single sign-on.**
2. Once you've logged in to FeedOtter, head to **Settings > Company Settings > Security > Single Sign-On**.
3. **Do not toggle Enable SAML just yet!**
4. Take note of the Post-back URL and the Audience URI at the bottom of the page in your FeedOtter account. You will need to copy and paste this information into Okta. You will return to this page later to enable SAML and enter your Okta certificate.

<figure><img src="/files/rvXm9n9jFKu15IcMteLE" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
We try to keep our Okta screenshots up to date, but due to UI changes on Okta's part, things may not look exactly the same.
{% endhint %}

In Okta:

* Navigate to Applications
* Click Add Application
* The type should be **Web** and the Sign on method should be **SAML 2.0**

<figure><img src="/files/rN0bc1Pw37G2ocD0HCaU" alt=""><figcaption></figcaption></figure>

* Name your Okta app **FeedOtter**
* Copy the logo URL from the FeedOtter App SAML setup screen to make things pretty.

<div align="left"><figure><img src="/files/EBYzbtiu6n5OgrvpkpLL" alt=""><figcaption></figcaption></figure></div>

* Copy and paste the *Post-back URL* and *Audience URI* from FeedOtter into Okta's **Single sign-on URL** and **Audience URI (SP Entity ID)** fields, respectively.

<figure><img src="/files/1qk1XV0TAgqlyV80Fc1y" alt=""><figcaption></figcaption></figure>

* Scroll down to the ATTRIBUTE STATEMENTS (OPTIONAL) section on this same page. Add 2 attributes here as shown below, then click **Next**.

| Name      | Name Format | Value          |
| --------- | ----------- | -------------- |
| firstName | Unspecified | user.firstName |
| lastName  | Unspecified | user.lastName  |

* Select **I'm an Okta customer adding an internal app.**
* Scroll to the bottom (skipping the other optional questions) and click **Finish**.
* Choose the **Sign On** tab if not already on it.
* Click on the button indicated below to display your certificate.

<div align="left"><figure><img src="/files/GVmAc9HiAN0JxvP6RvRI" alt=""><figcaption></figcaption></figure></div>

### Enter Okta settings into your FeedOtter admin

{% hint style="danger" %}
It is very important that the certificate is copied exactly as provided by Okta. The certificate text should include the `-----BEGIN CERTIFICATE-----` line as well as the closing `-----END CERTIFICATE-----` line.
{% endhint %}
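A quick way to confirm the certificate survived the copy and paste, shown here as an added example that is not part of FeedOtter's or Okta's tooling: it checks the PEM framing, the base64 body, and that the decoded data is a complete DER structure, then returns a SHA-256 fingerprint you can compare against one computed the same way from the certificate file downloaded from Okta. It checks structure only, not X.509 validity; the function names and the sample blob are constructed for illustration.

```python
import base64
import hashlib

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def der_sequence_is_complete(der):
    """True if der is a single ASN.1 SEQUENCE whose length covers every byte."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short form: length in one byte
        header, length = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def sha256_fingerprint(der):
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def check_pasted_certificate(text):
    """Return (fingerprint, problem); exactly one of the two is None."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return None, "BEGIN/END CERTIFICATE lines missing or altered"
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:
        return None, "base64 body corrupt: characters lost or added"
    if not der_sequence_is_complete(der):
        return None, "decoded data truncated or not a DER SEQUENCE"
    return sha256_fingerprint(der), None

def to_pem(der):
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"

# Constructed sample: a DER-shaped blob, NOT a real Okta certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = to_pem(SAMPLE_DER)

if __name__ == "__main__":
    print(check_pasted_certificate(SAMPLE_PEM))
```
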

* Return to FeedOtter and click the **Enable SAML** switch so it turns green.
* A new area will open up for you to paste in details from your Okta app and certificate.

<div align="left"><figure><img src="/files/AGeXDkuF2MDbdolzFfS1" alt=""><figcaption></figcaption></figure></div>

{% hint style="warning" %}
Please take care to match the input to the Okta descriptions. These change from time to time and are not in 1,2,3 order.
{% endhint %}

* If you want users to log in to FeedOtter only via SSO with Okta, enable **Force SAML Sign-in**. An Account Owner will *always* be able to log in to FeedOtter with their account password. Click the **Save** button.

Single sign-on with Okta is now configured!

A typical next step would be to assign the appropriate users access to the FeedOtter Okta application in Okta. There is no need to create a user in FeedOtter, as a new sub-user will be created the first time an Okta user accesses FeedOtter via SSO.

