Configure Single Sign On with Okta

TABLE OF CONTENTS

• Step 1 – Create a SAML 2.0 application in Okta
• Step 2 – Add users in Okta and Atlas
• Step 3 – Configure Single Sign On in Atlas
• Step 4 – Test the connection
• Troubleshooting tips

Step 1 – Create a SAML 2.0 application in Okta

1. Sign in to Okta

   • Go to your Okta sign-in page.

   • Sign in with your Okta administrator account.

   • If prompted, complete multi-factor authentication using the Okta mobile app or your configured method.

2. Create a new application integration

   • In the left-hand menu, go to Applications.

   • Click Create App Integration (or the equivalent Add Application button in your Okta tenant).

   • When asked to choose a sign-in method, select SAML 2.0.

   • Continue to the next step to configure the SAML settings.

3. Configure SAML settings in Okta

   • On the SAML configuration page, use the values from the Atlas Single Sign On configuration screen.

   • In Single Sign On URL (sometimes called Assertion Consumer Service URL), paste the Atlas Single Sign On URL from the Atlas configuration wizard.

   • In Audience URI (Service Provider Entity ID), paste the Atlas Audience / Entity ID from the Atlas configuration wizard.

   • Save your changes.

Step 2 – Add users in Okta and Atlas

1.  Import or create users in Okta

   • In Okta, go to Directory → People (or the equivalent area in your tenant).

   • Add users manually or import them from a CSV file, following your organisation’s process.

   • Make sure each user has the correct email address and profile attributes, including first name and last name.

2. Assign users to the Atlas application in Okta 
   • Go to Applications and open the SAML application you created for Atlas.
   • Assign the relevant users and/or groups to this application so they can sign in using SSO.
3. Add the same users in Atlas 

   • In Atlas, go to the user management area.

   • Create or confirm user accounts that match the email addresses (or usernames, for non‑email users) configured in Okta.

   • The user identifiers must match exactly between Okta and Atlas so that SSO can map users correctly.

Step 3 – Configure Single Sign On in Atlas

1. Configuration name and protocol
   • Open the Single Sign On configuration page in Atlas and start the wizard.
   • Enter a clear configuration name (for example, “Okta Single Sign On”).
   • If prompted, select SAML 2.0 as the protocol.
2. Atlas Single Sign On endpoint (for Okta) 
   • In Step 2 of the Atlas wizard, locate the Atlas Single Sign On endpoint details (Single Sign On URL and Audience URI / Entity ID).
   • Copy these values into the corresponding fields in your Okta SAML application configuration (as described in Step 1.3).
3. Service provider configuration (Okta metadata) 
   • In Okta, download or copy the Identity Provider metadata (or the certificate and SAML endpoints) for the Atlas application.
   • In Step 3 of the Atlas wizard, paste or upload this Okta Identity Provider metadata and certificate as requested.
   • Save and continue.
4. User attribute mapping 
   • In Step 4 of the Atlas wizard, map the incoming SAML attributes from Okta to Atlas user fields.
   • Typical mappings are:
     • Email address → Atlas email field
     • First name → Atlas first name field
     • Last name → Atlas last name field
   • Phone number is not required and can be skipped.
   • Use the exact attribute names configured in your Okta SAML application.
5. Additional settings 

   • In Step 5 of the Atlas wizard, configure any optional settings, such as:

     • Force Single Sign On: Require users in this configuration to sign in only via SSO.

     • Just‑in‑time provisioning (if available): Automatically create user accounts in Atlas when they sign in for the first time via SSO.

   • Review your settings and save the configuration. It should save without errors.

Step 4 – Test the connection

Run the test from Atlas

• On the Atlas Single Sign On configuration page, select Test connection.

• Atlas will redirect you to the Okta sign-in page.

Expected behaviour

• You are redirected to the Okta sign-in page.

• You can successfully sign in with a user who has been assigned to the Atlas application in Okta.

• After successful authentication, you are redirected back to Atlas.

• Atlas shows a confirmation that the connection test was successful.

Troubleshooting tips

If the test connection fails:

• Confirm that the Single Sign On URL and Audience / Entity ID values in Okta exactly match the values shown in Atlas.

• Check that the Okta user is assigned to the Atlas SAML application and that the same user exists in Atlas with matching identifiers.

• Verify that the SAML attribute names for email, first name, and last name in Okta match the mappings configured in Atlas.

• Review any error messages in Atlas or Okta to see which part of the configuration needs adjustment.

• If you still cannot resolve the issue, submit a ticket with:

  • A summary of the steps you followed, and

  • Any error messages or logs you received.