# Okta Setup

## Configuring SSO in Okta <a href="#configuring-sso-in-okta" id="configuring-sso-in-okta"></a>

1. Login to your Okta Portal. Your portal's link should resemble something like this: <https://xxxxx.okta.com>
2. Click on **Admin** in the top right.
3. Click on **Developer Console** dropdown in the top left, and select **Classic UI**.
4. Click on **Applications** in the navigation bar.
5. Click **Add Application**.
6. Click **Create New App** in top right corner.
7. Select "Web" from the *Platform* dropdown, and select "SAML 2.0" radio button for *Sign on method*.
8. Click **Create**.
9. Enter your desired *App Name* and click **Next**.
10. Enter "<https://ems.bluefletch.com/\\_\\_/auth/handler>" in the *Single sign on URL* field. This will also be auto-filled as the *ACS URL (Callback URL)* in your [BlueFletch Portal SSO Configuration](https://docs.bluefletch.com/bluefletch-enterprise/product-guides/portal/admin/single-sign-on/portal-setup).
11. Enter "saml.\[*organization's login domain for Azure*]" (e.g. *saml.bluefletch*) for the *Audience URI (SP Entity ID)* field. This will also be *Provider ID* & *SP Entity ID* in your [BlueFletch Portal SSO Configuration](https://docs.bluefletch.com/bluefletch-enterprise/product-guides/portal/admin/single-sign-on/portal-setup).
12. If mapping Okta [groups to Portal roles](https://docs.bluefletch.com/bluefletch-enterprise/product-guides/portal/admin/portal-setup#idp-group-mappings), add a group attribute statement named "Groups" (Portal's code checking for this variable is case-sensitive, so be sure it is spelled with a capital "G").
13. Click **Next**.
14. Select **I'm an Okta customer adding an internal app**.
15. Click **Finish**.
16. Retrieve the metadata XML from Okta to use in [Portal Setup](https://docs.bluefletch.com/bluefletch-enterprise/product-guides/portal/admin/single-sign-on/portal-setup), or provide back to BlueFletch.