# Okta SSO for Apono logins

Implementing Okta Single Sign-On provides seamless and secure authentication across various applications. Centralized identity management reduces password fatigue and increases overall security for your organization.

This guide shows you how to enable SSO for logging in to Apono.

***

### Prerequisites

| Item                       | Description                                                                     |
| -------------------------- | ------------------------------------------------------------------------------- |
| **Okta developer account** | [Account](http://www.okta.com/) with administrative access to the Okta platform |

***

### Enable Okta SSO

{% hint style="info" %}
Use the following resources as needed:

* [Okta’s documentation](https://help.okta.com/en-us/content/topics/apps/apps_app_integration_wizard_saml.htm) for additional context about creating an integration
* [SAML field reference](https://help.okta.com/en-us/content/topics/apps/aiw-saml-reference.htm) for descriptions of the following integration settings
  {% endhint %}

Follow these steps to create a SAML integration and enable Okta SSO:

1. From the side navigation in the Okta Admin Console, click **Applications > Applications**. The **Applications** page opens.
2. Click **Create App Integration**. The **Create a new app integration** popup window appears.
3. Select **SAML 2.0**.
4. Click **Next**. The **General Settings** tab appears.
5. Enter an **App name** for the integration.
6. Click **Next**. The **Configure SAML** tab appears.
7. In the **Single sign-on URL** field, enter *<https://login.apono.io/auth/saml/callback>*.
8. In the **Audience URI (SP Entity ID)** field, enter *Apono*.
9. From the **Name ID format** dropdown menu, select **EmailAddress**.
10. From the **Application username** dropdown menu, select **Okta username**.
11. Under **Group Attribute Statements (optional)**, map your Okta groups to Apono roles by defining a group attribute statement.

    <table><thead><tr><th width="179">Field</th><th>Value</th></tr></thead><tbody><tr><td><strong>Name</strong></td><td><em>groups</em></td></tr><tr><td><strong>Filter</strong></td><td><strong>Starts with</strong><br>Enter the name of the group in the filter text field</td></tr></tbody></table>
12. Click **Next**. The **Feedback** tab appears.
13. Click **Finish**. The new application appears.
14. On the **Sign On** tab, under **SAML Signing Certificates**, click **Actions > View IdP metadata** for the active certificate. The XML file appears in a new tab.
15. Save the .xml file to your device.
16. Send the following information to Apono support:
    * The downloaded .xml file
    * Domains that your organization allows to log in to Apono

When your Okta SSO integration is available, you will be able to use SSO to log into Apono with your company domain.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.apono.io/docs/additional-integrations/identity-providers/okta-sso-for-apono-logins.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.