SSO Setup for Okta
Ryan Bickham avatar
Written by Ryan Bickham
Updated over a week ago

Once you're on the Authentication section of your Directory, use the following steps to set up single sign-on using Okta and SAML.


Supported SAML features

The following features are supported with Sift's SAML integration to Okta

  • IdP-initiated SSO

    • Sign-in can be initialized from Okta

  • SP-initiated SSO

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

Step 1: Go to Okta, and add Sift from the Okta App Catalog

  1. Go to Applications->Applications->Browse App Catalog

  2. Search for "Sift" using the search bar, and add the integration

  3. Navigate to the "Sign In" tab and click the "Edit" button

Step 2: Provide the necessary Service Provider (SP) information from Sift to Okta

  1. Leaving Okta open in a separate tab, navigate to your Authentication Page in your Sift admin dashboard for the Directory in which you want to set up SSO (In many cases, you'll only have a single Directory).

  2. Flip the switch in the "Single Sign on With SAML" box to "On"

  3. In your web browser URL, you will see an address formatted something like: ""

  4. Copy the directory identifier (in the above exampe: "1bac640a-b87c-47cd-bee4-9081267fb786" and enter it in the "DirectoryId" input box in Okta.

  5. Copy the subdomain (in the above example: "my-subdomain") and enter it in the "SubDomain" input box in Okta.

  6. Set "Name ID format" to "EmailAddress"

  7. Set "Application username" to "Email"

  8. Under "Attribute Statements", add the following:

    1. Name: firstName Name format: Basic, Value: user.firstName

    2. Name: lastName Name format: Basic Value: user.lastName

  9. Click "Next"


Step 3: Provide the necessary Identity Provider (IdP) information from Okta to Sift

  1. In Okta, copy the "Metadata URL" and navigate to the URL in your web browser

  2. Save the XML metadata to your computer (Ctrl/Cmd + S)

  3. Open the saved XML file in a text editor, and copy the content to your clipboard

  4. In Sift, paste the XML string in the "IDP Metadata" text area

  5. In Sift, set the attribute mappings as shown below. The values on the left hand side should match the "Name" values you set in Okta above

  6. (Recommended) If you would like to disable standard username/password authentication on Sift, and only allow your users to sign in via SSO, flip the switch next to "Passwords" to Off

  7. Click the "Save" button


Step 4: Assign users/groups in Okta and test the integration

  1. In Okta, go to the "Assignments" tab

  2. Assign any users and groups that you would like to have access to Sift, including yourself if you'd like to test the integration

  3. Go to your end user dashboard in Okta and click on the newly created application to test IdP (Okta) initiated SSO. To test SP (Sift) initiated SSO, go to, and enter your email address

  4. You should be successfully signed in! If you have any issues, reach out to us

Did this answer your question?