Enable Okta SSO with SAML

How to enable Okta SSO for your Enterprise Arpio Account

These steps will help you configure Okta and Arpio so your Okta users can access Arpio without supplying new authentication credentials.

Before you begin, open two web browser windows.  In the first window, sign in to the Applications page in your Okta Console.  In the other, navigate to the Account page in your Arpio Console.

Create a new application in Okta

  1. In the Okta window, click Create App Integration.
  2. From the list of options, select SAML 2.0 as the sign-in method and click Next.
  3. Name your application and select Next to move on to configuring SAML.
  4. For the Single Sign On URL use: https://api.arpio.io/api/auth/samlAcs
  5. To get the Audience URI for your account, go to your Arpio Account page, click Add Identity Provider, and copy the text for “Audience Restriction URI / Entity ID.
  6. Back in the Okta Console, leave the Default RelayState blank.
  7. You can keep the defaults for: Name ID format, Application username, and Update application username.

    Screen Shot 2022-01-17 at 1.58.06 PM-global-1
  8. In the Attribute Statements section, you will create two new Attribute Statements, as follows :
    1. Name: FirstName Name Format: Basic  Value: user.firstName (case sensitive)
    2. Name: LastName Name Format: Basic  Value: user.lastName (case sensitive)

      Okta Attribute Statements screenshot
  9. Click Next.
  10. On the final Feedback step, select I’m an Okta customer adding an internal app.
  11. Click Finish.

Configure SAML for your new application

After completing set up, you will be dropped on to the Sign On tab of your new application. You should see a notice in the middle of the Settings that SAML 2.0 is not configured until you complete the set up instructions.

To complete set up:

  1. Click View Setup Instructions.
  2. Scroll to the bottom of the page and copy the IDP metadata from 1 in the Optional section.Okta IDP metadata screenshot
  3. Navigate back to the Account page in your Arpio console.
  4. Select Add an Identity Provider
  5. Name your SSO application appropriately, then paste the XML from Okta in the Metadata field. 
    Screen Shot 2022-01-17 at 2.59.50 PM-global-2
  6. Click Save.

Congratulations, your Okta integration with Arpio is complete! You can assign your Arpio application to your Okta users individually or in groups.