# SAML with Okta

{% hint style="info" %}
This process can only be fully achieved in collaboration with our team. 

Exact instructions are provided in the impacted sections below where this exchange of information is required.
{% endhint %}

## Create a new SAML application in the Okta Admin Console

1. Sign-in to your Okta Admin Console.
2. On the sidebar, navigate to **Applications** -> **Applications**
3. On the main view, click "Create App Integration" button

<figure><img src="/files/aKwiaO81C1obHIzQqXbb" alt=""><figcaption><p>Create SAML Application</p></figcaption></figure>

4. In the Modal Dialog, select **SAML 2.0** and click **Next**

<figure><img src="/files/y99lVC1Nla6rPC9d2DlJ" alt=""><figcaption><p>Select App Integration type</p></figcaption></figure>

## Configure SAML Application&#x20;

### Under the General Settings tab

1. Choose a name of the connection (that name will appear on your Okta apps)
2. Add application logo (optional)&#x20;
3. Click **Next**

### Under the Configure SAML tab

1. **Single sign-on URL** set [https://auth.rely.io/login/callback/login/callback?connection={CONNECTION\_NAME}](https://auth.rely.io/login/callback/login/callback?connection=okta-saml-prod-viktor)

{% hint style="info" %}
Note

We will provide you with a {CONNECTION\_NAME}. To get it, use one of our dedicated channels:

* Direct outreach to your dedicated Customer Success Manager
* In Slack via your Dedicated Channel (for Enterprise customers)
* Via your in-product chatbot
* Via email to <support@rely.io>
  {% endhint %}

2. **Audience URI (SP Entity ID)** set  `urn:auth0:relyio:{CONNECTION_NAME}`
3. Scroll down to the **Attribute Statements** section:&#x20;
   1. Add an attribute statement for [`https://app.rely.io/email`](https://app.rely.io/email) with **Value** set to `user.email`
4. Click **Next** and then **Finish** to create the application.

<figure><img src="/files/oj53dRC4QzWB7rmJIJy6" alt=""><figcaption><p>Set SSO Url and Audience</p></figcaption></figure>

### Share the Sign on URL and X509 Certificate with Rely.io

To secure the SAML connection, share a certificate with Rely and the Sign-in URL

{% hint style="info" %}
You can share the data using one of our dedicated channels:

* Direct outreach to your dedicated Customer Success Manager
* In Slack via your Dedicated Channel (for Enterprise customers)
* Via your in-product chatbot
* Via email to <support@rely.io>
  {% endhint %}

#### Share the Sign on URL with Rely.io

1. Navigate to the previously created SAML application
2. Select the **Sign On** tab
3. On **Metadata details,** click **More details** to expand the Sign-on URL
4. Copy the **Sign-on URL** and share it with Rely

<figure><img src="/files/eJJExKyFBsOPWrZtvDcr" alt=""><figcaption><p>Copy Single Sign-On url</p></figcaption></figure>

### Share X509 Certificate with Rely

1. Scroll down to find the **SAML Signing Certificates** section.
2. Generate a new certificate via the **Generate new certificate** button
3. Find the **Active** certificate and click **Actions**
4. Click **Download certificate**
5. Share the certificate with Rely

<figure><img src="/files/TWdAOXRML4ByhAC3xYhJ" alt=""><figcaption><p>Generate and download certificate</p></figcaption></figure>

There you go! You can now use Single Sign-on with Okta and Rely.io.

## Sync Okta Groups with Rely (Optional)

You can expose Okta groups with the Rely app. This will allow your Rely users to have their Okta groups in sync with Rely teams. Follow the steps below to expose Okta groups:&#x20;

1. In the Okta Admin Console, navigate to **Applications** and select the newly created SAML application.
2. Select the **General** tab
3. Scroll down to **SAML Settings -> Edit**
4. At the **Configure SAML** tab, scroll down to **Group Attribute Statements (optional)**
5. Add **groups** as names, and **filter: Matches regex: `.*`**
6. Save

<figure><img src="/files/E7n8srAsqaP4kVPuFAah" alt=""><figcaption></figcaption></figure>

When your users log in to Rely using this SAML connection, the user's groups will be imported into Rely as teams out of the box, allowing your users to communicate, share resources and manage tasks efficiently within a group.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.rely.io/security-and-compliance/single-sign-on-sso/saml-with-okta.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.