# Okta

> Enable Okta SAML SSO for Applivery — connect your Dashboard, App Store, and MDM Portal using Okta credentials.

Source: https://docs.applivery.com/en/platform/authentication/sso/okta/  •  Last updated: 2026-04-18

**Key topics:** SAML configuration, Okta application setup, Applivery SSO integration, Identity Provider metadata, Applivery, Okta, SAML, Service Provider, Identity Provider

---

**TL;DR:** Configure Applivery SSO with Okta SAML by creating a SAML application in Okta and uploading the metadata to Applivery, enabling users to log in with their Okta credentials.

:::warning
This is a premium feature that may not be available on your current plan. Check availability on the [Applivery pricing page](https://www.applivery.com/pricing/).
:::

Once configured, your organization members will be able to log in to the Applivery Dashboard, App Store, or MDM Portal using their Okta credentials — no separate Applivery password required.

:::warning
Okta does not support metadata file upload. Unlike other Identity Providers, Okta does not allow importing the Applivery pre-configured SAML Metadata XML file. You must configure the SAML application in Okta manually using the values provided in the Applivery Dashboard. This guide covers the exact values to use for each portal type.
:::
:::info
If you plan to use a custom domain for your App Store or MDM Portal, configure it in Applivery **before** starting this guide. Custom domains change the callback URLs, so the order matters.
:::

* * *

## Prerequisites

-   Administrator access to your Applivery Workspace.
    
-   Administrator access to your [Okta Admin Portal](https://www.okta.com/).
    
-   Your Applivery **organization slug** — visible in the URL when logged into the Applivery Dashboard (e.g., `demo` in `https://dashboard.applivery.io/demo/...`).
    
-   If you are using a custom domain, make sure it is configured first in Applivery under the Settings section, then navigate to Store Customization from the left-hand menu.
    

* * *

**Get the Service Provider values from Applivery**

Applivery acts as the SAML **Service Provider (SP)**. Since Okta requires manual entry, you need to collect two specific values from the Applivery SAML configuration screen.

Once in the [**Applivery Dashboard**](https://dashboard.applivery.io/), go to your **Workspace Settings** from the top dropdown menu, then open Login providers in the left-hand menu. Find the **SAML** row and click **Configure** for the portal you want to protect — **Dashboard**, **App Store**, or **MDM Portal**.

![login providers](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/7756cdbd-a769-4464-a458-6d957e34ff73.png)

Copy the following values:

#### Values by portal type

**Dashboard**

| Field | Value |
| --- | --- |
| **Single Sign-On URL (Callback URL)** | `https://dashboard.applivery.io/welcome/sso/{organization_slug}` |
| **Audience URI (SP Entity ID)** | `https://dashboard.applivery.com/sso/{organization_slug}/metadata.xml` |

**App Store (Enterprise Store)**

| Field | Value |
| --- | --- |
| **Single Sign-On URL (Callback URL)** | Your App Store URL: `{organization_slug}.applivery.io` or your custom domain `you.yourcompany.com` |
| **Audience URI (SP Entity ID)** | `https://dashboard.applivery.com/sso/{organization_slug}/metadata.xml` |

**MDM Portal**

| Field | Value |
| --- | --- |
| **Single Sign-On URL (Callback URL)** | `https://mdm-portal.applivery.io/login/{organization_id}` |
| **Audience URI (SP Entity ID)** | `https://dashboard.applivery.com/sso/{organization_slug}/metadata.xml` |

Replace `{organization_slug}` and `{organization_id}` with your actual values, visible in the Applivery SAML configuration screen.

**Create a SAML application in Okta**

#### Create a new App Integration

Log in to your [Okta Admin Portal](https://www.okta.com/), go to **Applications** (inside Applications), and click the **Create App Integration** button.

![create app integration](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/6c523c0f-2dc0-433f-be3c-6129455f9e6f.png)

Select **SAML 2.0** as the sign-on method, then click **Next**.

#### General settings

Enter a name for the application (e.g., `Applivery`), and optionally upload a logo for easy identification. Then click **Next**.

![general settings](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/8f131921-9567-4603-ac2d-fc35b86c9b5f.png)

#### Configure SAML settings

Fill in the following fields on the SAML configuration screen:

| Field | Value |
| --- | --- |
| **Single sign-on URL** | The Callback URL for your portal from Step 1 |
| **Audience URI (SP Entity ID)** | The Entity ID for your portal from Step 1 |
| **Name ID format** | `EmailAddress` |
| **Application username** | `Email` |

![saml settings](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/43e3bad4-a697-4fc7-8674-85b93d0a3f50.png)

Leave all other fields at their default values.

:::warning
The **Single sign-on URL** field must contain the **Callback URL** (not the general login URL). For example, for the Dashboard portal: `https://dashboard.applivery.io/welcome/sso/demo`.
:::

Click **Next** when done.

#### Configure Group Attribute Statements

To enable Okta groups to be sent to Applivery (required for distribution group filtering and role mapping), you need to configure a **Group Attribute Statement**.

Scroll down to the **Group Attribute Statements** section. If it is collapsed, click **Show Legacy Configuration → Edit**.

Add a group claim with the following settings:

| Field | Value |
| --- | --- |
| **Name** | `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups` |
| **Name format** | `URI Reference` |
| **Filter** | See filter options below |

**Filter options** — choose based on your needs:

| Option | When to use |
| --- | --- |
| **Starts with** + a prefix | Send only groups whose names begin with a specific prefix. Useful for scoping which Okta groups are synced to Applivery. |
| **Matches regex** `.*` | Send all Okta groups the user belongs to. |
| **Regex** with a specific pattern | Send only groups matching a custom regular expression. |

![group attribute statement](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/be3b5ea8-bae5-4823-982e-338b64f1ad6f.png)

Click **Save** to apply the attribute statement.

#### Complete the application setup

Finish the Okta wizard (click **Next** through any remaining steps). Okta will confirm the application has been created.

**Get the Identity Provider metadata from Okta**

Applivery needs Okta's Identity Provider metadata to validate incoming SAML assertions. Inside the newly created application in Okta, go to the **Sign On** tab, click **View SAML Setup Instructions**. Next, scroll to the bottom of the page and locate the **Identity Provider metadata** section. Copy the full XML content and save it as a `.xml` file (e.g., `okta-metadata.xml`).

![view saml setup instructions](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/a5b18fc1-7639-4405-b5c4-45b6651c484e.png)

**Complete the configuration in Applivery**

Go back to the Applivery SAML configuration screen for the same portal you started with in Step 1.  
Under **Step 2** of the Applivery SAML form, upload the **Federation Metadata XML** file you saved from Okta and click **Save**. Use the **toggle switch** to **enable** the SAML integration for your organization.

**Assign users in Okta**

Before users can authenticate via SSO, they must be assigned to the Applivery application in Okta.

In your Okta application, go to the **Assignments** tab. Click **Assign** and select **Assign to People** or **Assign to Groups,** depending on your preferred access management approach. Assign the users or groups who should have access to Applivery and click **Done**.

![assignments](https://docs.applivery.com/int/_r2/media/09ac0a4e-3ad8-478f-9f15-3474973eec71/269956c4-cd2f-469f-bafe-cea22810564a.png)
:::warning
Users who are not assigned to the application in Okta will not be able to log in via SSO, even if the integration is correctly configured.
:::

**Test the integration**

Once both sides are configured and enabled, test with an assigned user:

-   **Dashboard:** Go to [https://dashboard.applivery.io/welcome/sso](https://dashboard.applivery.io/welcome/sso) and enter the user's email. You will be redirected to Okta for authentication.
    
-   **App Store / MDM Portal:** Navigate to your App Store or MDM Portal URL. Users with SAML configured will be redirected to Okta for authentication before accessing the portal.
    

If authentication fails, double-check that the **Single Sign-On URL** in Okta exactly matches the Callback URL from Applivery (including the organization slug), and that the user is assigned to the application in Okta.
