# Okta

## Overview

**Okta SAML SSO** allows your users to sign in to [VGS Dashboard](https://dashboard.verygoodsecurity.com) using your existing Okta account.\
Follow the steps below to configure the *VGS* Okta application.

## Setup

### 1. Sign in to the [Okta Console](https://login.okta.com/).

### 2. Add application

* In the Admin Console, go to **Applications > Applications** and click **Add Application**.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2F8znzXNd5ULKlakPjffI5%2Fadd_app_1.png?alt=media&#x26;token=3cafb140-64df-43ae-93b2-5581c210239a" alt=""><figcaption></figcaption></figure>

### 3. Search for the *VGS* application

* In the **Search for an application** field, enter **VGS** and select **Very Good Security**.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2Fk9uuRSGdSdPuCIEYZOB1%2Fsearch_app.png?alt=media&#x26;token=08aa0c7b-2107-4b8d-b45f-e62441376465" alt=""><figcaption></figcaption></figure>

### 4. Add the *VGS* application

* Click **Add**.

  <figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2FbTh4CqzYsPG0sEPYO6Ri%2Fadd_app_2.png?alt=media&#x26;token=35f97428-f540-49f8-8df5-52e1535b942d" alt=""><figcaption></figcaption></figure>

### 5. Complete the fields on the **General Settings** page

* Assign the **Application label** and click **Done**.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2FFxQcrUxP0UDPGeBRLyu9%2Fgeneral_settings.png?alt=media&#x26;token=98dcdac0-a346-404f-a664-7b1aa4661627" alt=""><figcaption></figcaption></figure>

### 6. Copy *Identity Provider metadata* URL

* In the **Settings** section of the **Sign On** pane, navigate to **SAML 2.0** and copy the **Identity Provider metadata** URL.

  <figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2FSLrSrgewrDXZe6J6VUyD%2Fmetadata_url.png?alt=media&#x26;token=1b91092e-42eb-43fb-9e27-e4f6ee7e6ae6" alt=""><figcaption></figcaption></figure>

### 7. Link the *VGS* application with your active organization

> You need to [**activate**](https://docs.verygoodsecurity.com/enterprise-platform/access-management/enterprise-identity-providers/broken-reference) your organization before you proceed with custom IDP SSO setup.

* Go to the [VGS Dashboard > Organization settings](https://dashboard.verygoodsecurity.com) page.

* Scroll down to the **SAML Settings** section.

* Paste the **Identity Provider metadata** URL from the previous step in the **Metadata URL** field.

* Click **Save**.

* After metadata processing, you will be able to switch the **Enable SAML SSO for this organization** toggle.

### 8. Copy the *Organization ID*

* Scroll up to the **General Settings** section and copy the **Organization ID** needed for the next step.

### 9. Finish *VGS* application configuration

* Return to the Okta Admin Console.
* In the **Settings** section of the **Sign On** pane click **Edit**.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2F4RNrJ1LsTxL076wmU7vv%2Fedit_sign_on.png?alt=media&#x26;token=74a69bea-fe28-4269-80da-0e913a533cb8" alt=""><figcaption></figcaption></figure>

* Scroll down to the **Advanced Sign-on Settings** section.
* Paste the **Organization ID** from the previous step.
* Change the **Application username format** to **Email**.
* Click **Save**.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2FjJoM9WxF9VDsMWAeowcY%2Fadvanced_sign_on.png?alt=media&#x26;token=8a0e7499-23d8-448e-83d6-0da76f802403" alt=""><figcaption></figcaption></figure>

### 10. Assign users to the *VGS* application

* In the **Assignments** pane click **Assign** and assign the *VGS* application to people or groups.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2FdMN5ntljr4jHltCVTrLk%2Fassign_users.png?alt=media&#x26;token=d5c532a9-f69c-4e50-b6d1-6d7b0506730c" alt=""><figcaption></figcaption></figure>

### 11. Now assigned users can use the *VGS* application to visit *VGS Dashboard*

Once Okta is configured, the preferred way for your users to log in is through Okta.

If they navigate directly to the dashboard, they will need to use the specific **Login URL** specified in the **SAML Settings** to ensure that they log in via SSO.

<figure><img src="https://1773866054-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FzbOVGj5YTirkppRKlOP9%2Fuploads%2F0NLgXvadxhv5SexPYL7o%2Flogin_url.png?alt=media&#x26;token=a665223d-5fde-4663-9bf2-1df5f52ce013" alt=""><figcaption></figcaption></figure>

If they don't use that **Login URL**, the dashboard will log them in without using SSO and they may not be able to access your organization.
