Okta - SAML Setup

This guide will set up a custom Okta SAML Application that will allow your users to login to Hava. These steps can be followed for most SSO identity providers, though the field names may be different. Custom apps will be coming soon.

1. Log into Hava and head to your Account Settings. From there select SSO Config, then click SAML on the protocol selection page. This will show you the Service Provider values you will need to enter into Okta

2. Log into Okta and click Applications → Create App Integration

3. Select SAML 2.0 and click Next

4. Name the app Hava and click Next

5. Use the Service Provider values from the Hava SSO SAML section to complete the fields on this page:

   1. Single Sign on URL is Assertion Consumer Service URL

   2. Audience URI is Issuer (Entity ID)

   3. Default RelayState is also Issuer (Entity ID)

   4. Name ID format is set to EmailAddress

6. Leave the rest as is and click Next

7. Select Okta customer and click Finish

8. Click View Setup Instructions to see the information required for Hava

9. Head back to the Hava SSO SAML config page and select Add SAML Config

10. Enter the config values from the Okta setup instructions:

    1. Identity Provider Entity ID is Identity Provider Issuer

    2. Identity Provider SSO URL is Identity Provider Single Sign-On URL

    3. Public x509 Certificate is X.509 Certificate

11. Click Save to complete the setup

You can now either test the login via your Okta App page, or by heading to the Login URL displayed in the Service Provider details in Hava. Once you have confirmed the configuration works you can then Enable your provider to limit logins to SSO only for your account.