Skip to content
  • There are no suggestions because the search field is empty.

SSO Configuration Steps in Okta (SAML 2.0)

This guide describes how to configure Okta as a SAML 2.0 Identity Provider (IdP) for K1x.

SSO Configuration Steps in Okta (SAML 2.0)

This guide describes how to configure Okta as a SAML 2.0 Identity Provider (IdP) for K1x.

Prerequisites

You must have the following K1x service provider (SP) values before you start (provided by K1x support via email):

  • Assertion Consumer Service (ACS) URL (Okta label: Single sign-on URL)

  • SP Entity ID (Okta label: Audience URI (SP Entity ID))

These values are typically provided by your K1x technical contact.

1) Create the SAML app integration

  1. Sign in to the Okta Admin Console.

  2. Navigate to Applications → Applications.

  3. Select Create App Integration.

  4. Choose SAML 2.0 as the sign-in method.

  5. Click Next.

2) Configure SAML settings

General Settings

  • App name: K1x SSO

  • Optional: If users won’t use the Okta Dashboard, enable Do not display application icon to users (this hides the tile).

Click Next.

SAML Settings

Configure the following:

  • Single sign-on URL: set to the K1x ACS URL

  • Audience URI (SP Entity ID): set to the K1x SP Entity ID

  • Default Relay State: leave blank (unless you have a specific post-login landing path)

  • Name ID format: Unspecified (unless your org standardizes on EmailAddress)

Application username

Set Application username based on how your Okta org is configured:

  • If your Okta usernames are email addresses: select Okta Username

  • Otherwise: select Email

Set:

  • Update application username on: Create and Update

Leave Advanced settings at defaults unless your security team requires overrides.

3) Configure attribute statements (claims)

Add these attribute statements so K1x receives the user profile fields in the SAML assertion:

Attribute name Name format Value
firstName Unspecified user.firstName
lastName Unspecified user.lastName
email Unspecified user.email

Click Save.

Implementation note for technical admins: if you use a non-standard Okta profile (or sourced attributes from AD/HRIS), confirm these properties are populated for your pilot users before testing SSO.

4) Retrieve IdP configuration details for K1x

After saving, the Okta app page reloads. From the app’s Sign On section, collect:

  • Sign-on URL

  • Issuer

  • Signing Certificate

    • Download the certificate and send it to K1x as a .cert file.

Send these items to your K1x technical contact to complete the service provider configuration on the K1x side.

5) Final notes and deployment options

Okta Dashboard tile behavior

By default, this integration provides a SAML application tile on the user’s Okta Dashboard.

Support

If you run into issues during setup or testing, contact your K1x technical contact with:

  • The Sign-on URL, Issuer, and Signing Certificate you exported

  • The test user’s Okta username/email (so both sides can verify claim mapping and NameID behavior)