One Login's logo

Okta SSO Setup Guide

A guide for Tuple customers who want to use SAML SSO with Okta as the Identity Provider.

Important:

Email addresses for users in Okta and on Tuple must match exactly. For example, dev+tuple@company.com will not match dev@company.com. Please ensure your team's email addresses are correct before we enable the SSO integration.

Step 1 - Create SAML App

After signing in or creating your Okta account you'll need to add a new SAML SSO application. Click on Applications in the navigation bar and then the 'Create App Integration' button.

Create App Integration

Select SAML 2.0 as the sign-in method.

Select SAML 2.0 sign-in method

Step 2 - Configure App

Name the app "Tuple" and upload an icon, which you can download here.

General Settings

Fill in the following fields:

Configure SAML
Single sign on URL
https://production.tuple.app/users/saml/auth
Audience URI (SP Entity ID)
https://production.tuple.app/users/saml/metadata

There are three additional attributes that Tuple requires in order to work: email, first_name, and last_name.

Step 4 - Send Metadata to Tuple

After finishing the install wizard, click View SAML Setup Instructions on the Sign On tab

View Setup Instructions

Draft a new email to support@tuple.app and provide the following:

  • Identity Provider Single Sign-On URL:
  • Identity Provider Issuer:

And attach the downloaded certificate file.

View certificate

Step 5 - Enable SCIM Provisioning (optional)

Enable System for Cross-domain Identity Management (SCIM) to automatically provision/deprovision user accounts and update profiles in Tuple when updated in Okta.

Your Okta app must be configured at creation time to use SCIM. If you have an existing app you'd like to use SCIM with, please contact Okta Support.

To use SCIM provisioning, send an email to support@tuple.app. Once approved, you will find your SCIM credentials on your Team Management page in Tuple: View SCIM Credentials

Once you have receive credentials, enable SCIM provisioning in Okta:

Enable SCIM provisioning

In "Provisioning", configure with the following values:

Provisioning
SCIM connector base URL
https://production.tuple.app/scim/v2
Unique identifier field for users
email

Enable the following features:

  • Import new users and Profile Updates
  • Push New Users
  • Push Profile Updates

Use the credentials you received earlier via your Team Management page.

Once the integration step is successful enable features "To App":

Enable SCIM Features