# Okta SSO ## Prerequisites * Ensure you have a verified domain added to your Docupilot Organisation. Learn more on adding a [Verified Domain here](https://help.docupilot.app/~/changes/459/account-setup-and-administration/managing-your-org/verified-domains). * To enable SAML Single Sign-On (SSO) with Okta, you need to be the organization owner in Docupilot. ## Configuring Okta SSO To enable Single Sign-On (SSO) on Docupilot using Okta, follow the steps below: ### Step 1: Connect Okta in Docupilot

Connect SSO on your Docupilot account — Configuring Okta SSO

1. Navigate to **Login Methods** tab in your **Organization** settings. 2. Click **Connect SSO** under **SSO Login method**, and select **Okta** from the list. 3. Enter a display name for this SSO connection (for your own reference). 4. Click **Add method**.

### Step 2: Configure SAML SSO in Okta #### **A. Adding Docupilot App Integration** 1. Log in to your **Okta** **Admin Console**. 2. Navigate to the **Applications,** click **Browse App Catalog** and search for **Docupilot.** 3. Select the **Docupilot** card and click on **Add Integration.**

#### **B. Copy metadata from Docupilot to Okta** In the newly added integration, 1. Under **General Settings** set a desired **Application label** *(ex: Docupilot)* 2. From Docupilot, **copy** the **Unique ID** from the set up window and **paste** it in the respective field in **Okta.**

Copy Unique ID for new Okta SSO Integration

Paste the Unique ID from Docupilot into Okta

#### **C. Copy metadata from Okta to Docupilot** 1. In Okta, under the newly created application, navigate to **Sign On** tab and copy the **Metadata URL**.

2. Paste **Metada URL** in Docupilot and click **Save Configuration**

Paste **Metada URL** in Docupilot and **Save Configuration**

3. **Enable** the newly added SSO Configuration in Docupilot to activate it.

### Step 3: Login via Okta Add users to your Docupilot Application in Okta. Read [Assign applications to users](https://help.okta.com/en-us/content/topics/users-groups-profiles/usgp-assign-apps.htm) for detailed steps. Once assigned, users can log in to Docupilot using Okta SSO from the Organization Login page. If a user doesn't already have an account under your organization, one will be created automatically upon first login.

## Supported Features Docupilot supports the following **SAML** features: * IdP-initiated SSO * SP-initiated SSO * Just-In-Time (JIT) provisioning ## Supported SAML Attributes Docupilot supports the following SAML attributes. These attributes are preconfigured in the Okta integration. | Attribute | Okta Mapping | Required | | ------------- | -------------- | -------- | | Email address | user.userName | Yes | | First name | user.firstName | No | | Last name | user.lastName | No | {% hint style="info" %} • The Okta username (user.userName) must be a valid email address. • The email address is used as the unique user identifier in Docupilot. {% endhint %} ## Deleting SSO Login Method To delete the configured SSO Login method: 1. Navigate to **Login Methods** tab in your **Organization** page 2. Select the SSO method and click on **Delete Configuration**