Set Up Single Sign-On (SSO) with Okta

This guide explains how to configure Single Sign-On (SSO) with Okta for Declaree using SAML 2.0.

Step 1: Retrieve Information from Declaree

1. Log into your Declaree administration as an administrator.

2. Go to Configuration → Single Sign-On.

3. In the General tab:

   • Enter a required subdomain (e.g., your company domain).

   • Enter your email domain.

   • Make a note of these values.

4. Go to the SAML tab:

   • Check Activate SAML 2.0 and and download the federation metadata.

     

Single Sign-On - General tab a. Enter a required subdomain value. You can use your domain

Step 2: Configure Okta

1. Log into your Okta instance as an administrator.

2. Go to Applications → Applications.

3. Click Create App Integration.

4. In the popup, select SAML 2.0, then click Next.

General Settings

• Enter an App name (e.g., “Declaree”).

• (Optional) Upload the Declaree logo.

  

• Click Next.

Configure SAML

• Single sign-on URL: copy the AssertionConsumerService Location from the federation metadata XML (step 1).

  • Example: https://mydomain.declaree.com/saml/sp/acs or https://mydomain.declaree.de/saml/sp/acs.

• Audience URI (SP Entity ID): copy the entityID from the metadata.

  • Example: https://saml.declaree.com or https://saml.declaree.de.

• If you are not using email addresses as Okta usernames, set Application username to Email.

• Click Next.

Feedback

• Select I’m an Okta customer adding an internal app.

• Click Finish.
  

Post-Setup

• You’ll be redirected to the Declaree integration page in Okta.

• In the Sign On tab, scroll down and click View SAML setup instructions (keep this page open).

• In the Assignments tab, assign Declaree to the relevant people or groups.

Step 3: Fill in the Declaree SSO SAML Form

1. In Declaree, go to Admin → Single Sign-On → SAML.

2. Complete the form:

Federation metadata URL:

1. Copy the Identity Provider Single Sign-On URL from Okta (step 2).

2. Remove the section between /app/.../sso/.

3. Add /metadata at the end.

4. Example: https://mycompany/app/som3l3tt3rsandnumb3rs/sso/saml/metadata.

5. Check Automatically update to keep metadata up to date.

6. IdP SSO login URL: copy the Identity Provider Single Sign-On URL from Okta.

7. Issuer ID: copy the Identity Provider Issuer value from Okta.

8. NameID format: leave as Persistent.

9. Signing Certificate: download the certificate from Okta and upload it here.

10. Click Save.

Step 4: Test the Login

Go to your Declaree subdomain (https://mydomain.declaree.com or https://mydomain.declaree.de) and log in using SSO.

✅ If successful, your Okta SSO setup is complete.