Okta
Configure Okta as a SAML identity provider for sfp.
Use the URL that matches your deployment mode. Self-hosted: replace
<your-domain>with your sfp server domain. Cloud: useauth.flxbl.io. See URL convention.
1. Create the application
Sign in to your Okta admin dashboard.
Go to Applications → Applications → Create App Integration.
Choose SAML 2.0 and click Next.
Give it a name (e.g. "sfp SSO") and click Next.
2. Configure SAML
On the Configure SAML step:
Single sign-on URL
https://<your-domain>/auth/v1/sso/saml/acs
Use this for Recipient URL and Destination URL
checked
Audience URI (SP Entity ID)
https://<your-domain>/auth/v1/sso/saml/metadata
Default RelayState
leave blank
Name ID format
EmailAddress
Application username
Email
3. Configure attribute statements
In Attribute Statements, add:
email
Basic
user.email
firstName
Basic
user.firstName
lastName
Basic
user.lastName
displayName
Basic
user.displayName
The Name ID itself is set by the previous step (EmailAddress → user.email). The attribute statements above expose the user's profile fields to sfp.
Click Next, fill in the feedback step, and Finish.
4. Copy the metadata URL
After the app is created:
Open the Sign On tab.
Under SAML Signing Certificates (or SAML Setup), click View SAML setup instructions or copy the Identity Provider metadata URL.
It looks like:
This is the only thing you need to hand to sfp.
5. Assign users
Open the Assignments tab.
Click Assign → Assign to People (or Assign to Groups).
Pick the users or groups that should have sfp access.
Users not assigned here will be rejected at Okta before they reach sfp.
Next step
Continue with Self-Hosted Setup or Cloud Setup to register the IdP with sfp.
Last updated
Was this helpful?