SAML Integration for OKTA AD

This guide explains how to integrate Okta with Timus Manager using the SAML 2.0 protocol. Once configured, your users can securely sign in to Timus applications using their Okta accounts via Single Sign-On (SSO).


1️⃣ Create a New Okta Application

  1. Sign in to your Okta Admin Console
  2. Navigate to Applications → Applications
  3. Click Create App Integration
  4. Select:
    • Sign-in method: SAML 2.0
    • Click Next

2️⃣ Configure Basic SAML Settings

App Setup

  • App Name: e.g., Timus SAML
  • Click Next to continue

SAML Settings

Fill in the following fields:

Okta Field                     Value
Single Sign-On URL             https://auth.timuscloud.com/user/external/saml
Audience URI (SP Entity ID)    Initially set to http://okta.com (you will update this later)
NameID Format                  EmailAddress
Application Username           Email (default)

Attribute Statements (Optional but Recommended)

Name         Value
firstname    user.firstName
lastname     user.lastName

These attributes allow Timus to display user details properly after SAML authentication.

  1. Scroll down and click Next
  2. Choose a setup option (typically I'm an Okta customer)
  3. Click Finish


3️⃣ Retrieve Okta SAML Details

  1. After the app is created, click View SAML Setup Instructions
  2. Copy the following values:

From Okta            Used In Timus
Sign-On URL          SAML Service URL
Issuer               Identifier
X.509 Certificate    X.509 Certificate (paste the full text)

4️⃣ Update the Audience URI (SP Entity ID)

  1. Go back to the SAML settings in your app
  2. Replace http://okta.com in the Audience URI field with the Issuer URL copied in the previous step
  3. Save your changes

📌 This step ensures that the Entity ID (Identifier) aligns with what Okta actually sends in the SAML assertion, avoiding mismatch errors during login.


🔐 (Optional) Enable Assertion Encryption

  1. Edit the SAML App in Okta
  2. Click Show Advanced Settings
  3. Set Assertion Encryption to Encrypted
  4. Upload:
    • Encryption Certificate (Timus public key)
    • Signature Certificate (if separate)

Click Next, then Finish to apply the encryption settings.

✅ Only enable this if your environment or compliance policy requires encrypted SAML assertions. Ensure you've exchanged public keys with Timus support beforehand.


5️⃣ Configure the Integration in Timus Manager

  1. Navigate to Settings → Integrations → SAML 2.0 → Manage
  2. Click Create New and fill in:
Timus Field              Okta Equivalent
Title                    e.g., Okta SAML
Identifier               Issuer
SAML 2.0 Service URL     Sign-On URL
X.509 Certificate        Signing Certificate
  3. (Optional) Enable Require Encrypted Assertions
  4. Define Allowed Sites and enable Remote Access if needed
  5. Click Save


6️⃣ Assign Users to the Application

  1. In Okta, go to your new application
  2. Navigate to the Assignments tab
  3. Click Assign, then choose Assign to People or Assign to Groups
  4. Select users or groups to grant access
  5. Click Done

First-Time Login Behavior

  • Users must open the Timus app from the Okta dashboard (or via a direct link from Okta) for their first sign-in
  • This initial SSO login creates the user account in Timus
  • Signing in to Timus directly before this step will not work, because the account does not exist yet

🕒 Configuration propagation in Okta may take a few minutes. After setup, users should wait briefly before testing sign in.


Troubleshooting Tips

  • Ensure that the Audience URI is updated to match the actual Issuer
  • Make sure the certificate is complete and properly formatted (it must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines and the full base64 body between them)
  • If login fails, inspect the SAML response via browser dev tools or Okta logs:
    • Confirm nameID, firstname, and lastname are present
    • Validate signature and encryption settings
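The checks in these tips can be scripted so that they are repeatable. The following is an added example, not part of this article and not Timus or Okta code, written in Python with only the standard library: it verifies that a pasted X.509 certificate has both markers and a base64 body that decodes to DER, and inspects a base64 SAMLResponse (as captured from browser dev tools) for the Issuer/Identifier match, the Audience value, the NameID format, the firstname and lastname attributes, and whether a signature or an encrypted assertion is present. The sample response, the Okta issuer value and the certificate stub are constructed placeholders; signature presence is reported but not cryptographically verified, which needs an XML-DSig library and the IdP certificate.

```python
"""Offline sanity checks for an Okta -> Timus SAML setup (stdlib only).

Added example: the sample SAML Response, the Okta issuer value and the
certificate stub below are constructed placeholders, not real data.
"""
import base64
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S
)


def check_certificate(pem: str) -> list:
    """Return a list of problems with a pasted X.509 certificate ([] = OK).

    Mirrors the troubleshooting tip: both markers present, the body is valid
    base64, and the decoded bytes start with the DER SEQUENCE tag (0x30)
    that every X.509 certificate begins with. This is a paste-completeness
    check, not a validation of the certificate itself.
    """
    m = PEM_RE.search(pem)
    if not m:
        return ["missing BEGIN CERTIFICATE / END CERTIFICATE markers"]
    body = re.sub(r"\s+", "", m.group(1))
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError:
        return ["certificate body is not valid base64 (truncated or altered?)"]
    if not der or der[0] != 0x30:
        return ["decoded certificate is not a DER SEQUENCE; paste the full text"]
    return []


def check_response(b64_response: str, expected_issuer: str, sp_entity_id: str) -> dict:
    """Inspect a base64 SAMLResponse (as captured from browser dev tools).

    Returns a dict of boolean findings that mirror the troubleshooting list.
    Signature presence is reported, not cryptographically verified: that
    needs an XML-DSig library plus the IdP certificate.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    f = {}
    issuer = (root.findtext("saml:Issuer", default="", namespaces=NS) or "").strip()
    f["issuer_matches_identifier"] = issuer == expected_issuer
    f["assertion_encrypted"] = root.find("saml:EncryptedAssertion", NS) is not None
    assertion = root.find("saml:Assertion", NS)
    f["assertion_present"] = assertion is not None
    if assertion is None:  # encrypted (needs the Timus private key) or missing
        return f
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    f["nameid_present"] = name_id is not None and bool((name_id.text or "").strip())
    f["nameid_is_email_format"] = name_id is not None and name_id.get("Format") == EMAIL_FORMAT
    audiences = [a.text.strip() for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS) if a.text]
    f["audience_matches_sp_entity_id"] = sp_entity_id in audiences
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    f["firstname_present"] = bool(attrs.get("firstname"))
    f["lastname_present"] = bool(attrs.get("lastname"))
    f["signature_present"] = (root.find("ds:Signature", NS) is not None
                              or assertion.find("ds:Signature", NS) is not None)
    return f


# --- constructed sample data (placeholders, not real Okta output) ---
SAMPLE_ISSUER = "http://www.okta.com/exkPLACEHOLDER"  # stands in for the real Issuer
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  xmlns:ds="{NS['ds']}" ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
  Destination="https://auth.timuscloud.com/user/external/saml">
  <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>{SAMPLE_ISSUER}</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID Format="{EMAIL_FORMAT}">jane.doe@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SAMPLE_ISSUER}</saml:Audience></saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="firstname"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="lastname"><saml:AttributeValue>Doe</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()
# Minimal DER stub (a SEQUENCE holding INTEGER 1) wrapped as PEM; a real
# certificate body is several hundred base64 characters long.
SAMPLE_CERT_PEM = ("-----BEGIN CERTIFICATE-----\n"
                   + base64.b64encode(b"\x30\x03\x02\x01\x01").decode()
                   + "\n-----END CERTIFICATE-----")

if __name__ == "__main__":
    print("certificate problems:", check_certificate(SAMPLE_CERT_PEM))
    # This guide sets the Audience URI to the Okta Issuer, so both arguments are the same value.
    for key, ok in check_response(SAMPLE_RESPONSE_B64, SAMPLE_ISSUER, SAMPLE_ISSUER).items():
        print(f"{key}: {ok}")
```

To use it against a real login, copy the SAMLResponse form field from the POST to https://auth.timuscloud.com/user/external/saml in the browser's network tab, pass it to check_response together with the Issuer from View SAML Setup Instructions and the Audience URI you saved in step 4, and paste the certificate from the Timus SAML settings into check_certificate. A False for issuer_matches_identifier or audience_matches_sp_entity_id is the mismatch that step 4 exists to prevent; assertion_encrypted being True with assertion_present False simply means the assertion can only be read with the Timus decryption key.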
