How do I configure Single Sign-On with Okta?

A step-by-step guide to connecting Okta to Atlas using SAML 2.0, so your users can sign in to Atlas with their Okta credentials.

You'll need:

• An active Okta administrator account

• Access to Atlas with permission to configure Single Sign-On

• The Atlas Single Sign-On configuration page open in a separate browser tab — you'll be copying values between the two

1. Go to your Okta sign-in page and sign in with your administrator account.

2. Complete multi-factor authentication if prompted.

3. In the left-hand menu, select Applications.

4. Click Create App Integration.

5. When asked to choose a sign-in method, select SAML 2.0.

6. Continue to the SAML settings page.

Enter the values from your Atlas Single Sign-On configuration screen:

7. In the Single Sign On URL field, paste the Atlas Single Sign-On URL shown in the Atlas wizard.

8. In the Audience URI (Service Provider Entity ID) field, paste the Atlas Audience / Entity ID from the Atlas wizard.

9. Save your changes.

10. In Okta, go to Directory → People.

11. Add users manually or import them from a CSV file.

12. Make sure each user has the correct email address, first name, and last name.

13. Go to Applications and open the SAML app you just created.

14. Assign the relevant users or groups so they can sign in using Single Sign-On.

15. In Atlas, open the user management area.

16. Create or confirm accounts for the same users, making sure their email addresses match exactly what's in Okta.

💡 Tip: User identifiers must match between Okta and Atlas for Single Sign-On to work correctly.

Open the Single Sign-On configuration page in Atlas and follow the wizard.

17. Enter a Configuration name — for example, Okta Single Sign-On.

18. Select SAML 2.0 as the protocol.

19. In Step 2 of the Atlas wizard, you'll see the Atlas Single Sign-On URL and Audience / Entity ID.

20. These are the values you pasted into Okta in Step 1 — confirm they match.

21. From Okta, download or copy the identity provider metadata (or certificate and SAML endpoints) for your Atlas app.

22. In Step 3 of the Atlas wizard, paste or upload the Okta metadata and certificate as requested.

23. Save and continue.

In Step 4, map the Okta attributes to Atlas user fields:

• Email address → Atlas email field

• First name → Atlas first name field

• Last name → Atlas last name field

• Phone number — optional, can be skipped

Use the exact attribute names from your Okta SAML app.

You can optionally configure:

• Force Single Sign-On: Requires users to sign in through Okta only.

• Just-in-time provisioning: Automatically creates Atlas accounts for users signing in for the first time.

24. Review the settings and save. The configuration should save without errors.

25. In Atlas, select Test connection on the Single Sign-On configuration page.

26. Atlas will redirect you to the Okta sign-in page.

You've set things up correctly if:

• You're redirected to the Okta sign-in page

• You can sign in with a user assigned to the Atlas app in Okta

• After signing in, you're redirected back to Atlas

• Atlas shows a confirmation that the connection was successful

If the connection test fails, check the following:

• The Single Sign-On URL and Audience / Entity ID in Okta exactly match the values shown in Atlas.

• The Okta user is assigned to the Atlas SAML app and exists in Atlas with the same identifier.

• The SAML attribute names for email, first name, and last name in Okta match the mappings in Atlas.

• Review any error messages in Atlas or Okta for further detail.

If you're still stuck, contact your internal administrator or reach out to Atlas support — include a description of what you've tried and any error messages you've seen.