# OKTA In order to use Okta as an Identity Provider, we need to set up a new application. The following steps will guide you through the setup and configuration:\ \ 1\. Select the *Applications* section from the menu on the left and click **Applications**. A dashboard will open where you have the option to create new applications. To do so, click **Create App Integration**: ![Creating an App in Okta](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2F0mdBRC6v0zCIauF4YW1s%2Fokta-apps-screen.png?alt=media\&token=2d59f365-c384-4fee-b022-d3d45df21bca) 2\. Select the *SAML2.0* type of integration and click **Next**. ![Selecting SAML2.0 for your Exivity integration](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FALSv7KCha3y5jNGPPy8F%2Fokta-creating-app-saml2-selection.png?alt=media\&token=ffc8c209-afc7-41c8-9095-16c43487c49e) 3\. Choose a relevant name for your app. You also have the option to add your logo. Click **Next** to go to the SAML configuration screen. ![Customizing the Okta app](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FALkp73bKc89AbHP9HNhY%2Fexivity-okta-first-general-config.png?alt=media\&token=2714ada6-0c30-4457-8f44-f2d433b4c184) 4\. Next, you must fill in the General information for the SSO URL and the SP Entity ID. ![Filling in SSO URL and Entity ID ](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FrsfZWGsNx1dzBuv6ZEqs%2Fconfig-okta.png?alt=media\&token=e530d0c2-d80e-405c-af91-2eebbc0de1e9) In a separate browser tab, open Exivity, navigate to **Administration** > **Settings** > **Single sing-on** and copy the values from the *Endpoints* section to your Okta configuration with the following mapping: ![Mapping between Okta and Exivity](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2Fb0LR3cZz9PJjiTkVOVwC%2Fconfig-exivity-okta-mapping.png?alt=media\&token=96cd1f67-a385-4be4-834b-b8bf35cc7440) {% hint style="success" %} The Single Logout option is not mandatory to configure, therefore your SSO Okta integration with Exivity will work accordingly without it. {% endhint %} 5\. Click **Next**, fill in the additional questions requested by Okta, and then finally, click **Finish**.
6\. Now that you created your application, navigate to the **Sing on** tab and click the **View Setup Instructions** button in the yellow box. ![Setup instructions for SAML2 integrations with Exivity](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FkstwzcPdRd4HZlYK36Ec%2Fokta-step2.png?alt=media\&token=5cc5f988-e0c6-4bce-8d42-20b2f7f07986) 7\. The values from the following screen have to be inserted into the Exivity *Single sign-on* settings screen with the following mapping: ![SAML2 mapping between Okta and Exivity ](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2Fd4SJP5Q5ek4tn5XTZ7ZG%2Fmapping-exivity-okta-sso.png?alt=media\&token=cdca2ec0-4c54-46f8-b9f1-57b7cf4d5c18) 8\. Click **Update** to save your configuration. \ 9\. In order to have a completely functional configuration, we must add the Okta domain name to the CORS origins whitelist known by Exivity. Navigate to the **System** tab in the **Administration** > **Settings** menu and add your domain in the *CORS origins* field. Your domain may look similar to: `https://`*`name`*`.okta.com` ![Adding Okta to the CORS whitelist](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FpU7HaN5g2HI3xFdCBBzz%2Fokta-cors-origins.png?alt=media\&token=5e949fe2-e130-47ed-a12d-542c0df475e7) {% hint style="success" %} Make sure to separate the CORS origins domains with a comma. {% endhint %} 10\. Click **Update** to apply your new settings. 11\. Enable Single Sign-On in Exivity by navigating to **Administration** > **Settings** and then clicking on the **System** tab. Make sure the *Single Sign-On* option is set to an option including *SAML2 Authentication:* ![Enable Single Sign-On](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FX1hRFI7twnPhcOIe4Cax%2Fenable-saml-2.png?alt=media\&token=f69da502-ddc0-4aa6-8174-1f4b2902464e) 12\. Click **Update** to apply your change. 13\. Log out of the current session and you will be redirected to the login page which may look like this: ![SSO login](https://1141395848-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FPRZvuYYNyI3vz1mar1l4%2Fuploads%2FbP6QLzTugKB7wWtDxBen%2Fsso-login.png?alt=media\&token=5f82045c-5c1f-469a-86ce-10f3e8c52101) 14\. And by clicking on the **Login** button, you'll be taken to the Okta login screen.