Single Sign-On to Salto with Okta

Customers who use Okta as their IdP can securely connect to Salto through SAML

Support avatar
Written by Support
Updated yesterday

Prerequisites

  1. Salto SAML integration is available for enterprise customers (see info about plans here: https://www.salto.io/pricing)

  2. Contact support@salto.io in order to initialize the process.


Supported features

  • IdP-initiated SSO

  • SP-initiated SSO

  • JIT provisioning


Configuration steps

  1. In your Okta Admin Console, browse the app catalog, search for Salto application and add it.

  2. For connection_name you should either use the one you got from Salto, or you can use your domain name with hyphens instead of dots, e.g.:
    ​acme.com β†’ acme-com
    acme.co.uk β†’ acme-co-uk

  3. After creating the application, select the Sign On tab, then download the Signing Certificate and copy the Sign on URL.

  4. Contact the Salto support team (support@salto.io) and ask to enable SAML 2.0 for your account, providing:

    1. Signing Certificate you downloaded

    2. Sign On URL you copied

    3. The connection_name you used (either provided by Salto, or chosen as noted above)

    4. If you also have a Sign Out URL

  5. Salto support team processes your request and provide you an Encryption Certificate (PEM) that will be used to set up SAML login on your side

  6. In your Okta Admin Console, select the Sign On tab for the Salto app, then click "Edit" and fill in the form with the details provided by Salto support team.

  7. Your SAML configuration for Salto is complete. You can start assigning users and groups to the application.

  8. For IDP-initiated SSO, after clicking Salto app in Okta, you will be redirected to https://app.salto.io/

  9. For SP-initiated SSO, navigate to https://app.salto.io/login, and enter the your email address:


Troubleshooting

If you encounter any issue during the process, or a generic access denied message after authenticating through Okta, consult with Salto support team (support@salto.io).

Please note, the Org Admin user in Salto must invite other users to the org, otherwise when new users log in via SSO they will not be able to access the Salto application.

See this article about inviting members for more information:

Did this answer your question?