Skip to main content
With the Okta single sign-on (SSO) integration, you can enable secure authentication to Plerion through Okta. This setup uses SAML and role-based access control (RBAC) to map Okta users and groups to Plerion roles.
We recommend using two different browser sessions (or two separate browsers) while configuring Okta and Plerion. This prevents conflicts caused by sharing the same login session.

Steps to configure Okta SSO

1

Log in to Okta

Sign in to your Okta account with the required roles and permissions.
2

Create a new Okta application

  • Go to Applications and click Create App Integration.
  • Select SAML 2.0 and click Next.
  • Enter an app name and click Next.
Okta create SAML application screen
3

Configure SAML settings

  • In Plerion, go to Admin > Security > Single sign-on and copy the SSO URL.
  • In Okta, paste this URL into the Single sign-on URL and Audience URI (SP Entity ID) fields.
  • Set Name ID format to EmailAddress.
  • For Attribute statements, provide the required values and continue.
Okta SAML settings showing Single Sign-On URL and Audience URI fields
4

Finish Okta application setup

Review your settings, select your preferences, and click Finish.
5

Add users to the Okta application

  • In Okta, go to Directory > People and click Add person.
  • Enter the user details and click Save.
  • Open your application, go to the Assignments tab, click Assign > Assign to people, and assign the new user.
  • Click Done to confirm.
Okta assignments page with user role selection
6

Copy identity provider details

  • In your application, go to the Sign-on tab and click View SAML setup instructions.
  • Copy the Single sign-on URL, Identity provider issuer, and X.509 certificate.
Okta SAML setup instructions with SSO URL and certificate
7

Configure trust in Plerion

  • In Plerion, go to Admin > Security > Single sign-on.
  • Paste the following values into the matching fields:
    • Single sign-on URL
    • Identity provider issuer
    • X.509 certificate
  • Save the configuration.
Plerion SSO trust configuration screen
8

Test your Okta SSO connection

  • Click Test in Plerion. A new window will open where you can sign in with the user you added in Okta.
  • Verify that you can log in to Plerion using Okta SSO.
Plerion authentication test for Okta SSO

Attribute mapping and roles

1

Create and assign Okta groups

  • In Okta, go to Directory > Groups and click Add group.
  • Enter a name (for example, testOrgAdmin) and click Save.
  • Open your application, go to the Assignments tab, click Assign > Assign to groups, and assign your new group.
  • Add the previously created user to this group.
Okta groups configuration screen
2

Configure group attribute statements in Okta

  • In your application, go to the General tab.
  • Under SAML settings, click Edit and go to Configure SAML.
  • Add a Group attribute statement.
Example: Set the attribute name to group and use your group name (testOrgAdmin) as the filter.
Okta group attribute mapping configuration
3

Map attributes in Plerion

  • In Plerion, go to Admin > Security > Single sign-on > Attribute mapping.
    • For Email, select Use SAML Name ID.
    • For Display name, leave unchecked to let users choose their own, or map the Okta user’s first and last name.
    • For Roles, add a mapping with the SAML attribute name group.
    • Map testOrgAdmin to the Organization Admin role.
  • Save the configuration.
Plerion attribute mapping with role assignment
4

Test the attribute mapping

  • Click Test in Plerion.
  • Verify that the attribute mapping works as expected.
Plerion attribute mapping test confirmation

Accessing Plerion through Okta

You can access Plerion using the App Embed link from your Okta application (General tab > App embed link).
Log in with your Okta user credentials, and you will be signed in with the mapped Plerion role.
Okta app embed link with URL for accessing Plerion