Table of contents
Topics on this page

Okta Saml SSO Integration Set Up

  1. Sign in to Okta as an admin and click on the Admin button.
  2. Click on Add Applications and then select Create New App.
  3. Select SAML 2.0 option.
  4. Enter 'Conformity' in the App name field.
  5. Click next and enter the following information:
  6. To enable IdP-initiated sign-on, set Default RelayState to REGION_OF_SERVICE:YOUR_DOMAIN.com
    e.g. us-west-2:example.com
  7. In the Configure SAML tab advanced settings upload this X.509 certificate in both Encryption Certificate and Signature Certificate fields.


  8. Configure role mapping

    • Users coming through Okta can take any of the four supported roles in Conformity:

      • Admin: This role is the organisation administrator and has full access to everything in Conformity.
      • Power user: This role has full access to all accounts but no organisation-level access, e.g. cannot manage users or add accounts.
      • Read-only: Similar to power user but only with read-only access to all accounts.
      • Custom: Custom users have no access by default and can be granted fine-grained permissions after their first sign-on, by an organisation administrator.
    • To set up a mapping from Okta Groups to Conformity Roles:

      • Add a group named CC_ADMIN (or use any group you prefer)
      • Assign users you would like to have admin access to Conformity to CC_ADMIN group
      • Repeat this process for Power user, Read-only and Custom roles as you see fit.
      • In Conformity application, add a Group Attribute Statement with:
        Name: role
        Filter: regex .CC.


      If you have another group name for Conformity admins, make sure filter regex matches the group name.

  9. In Feedback step, check I'm an Okta customer adding an internal app and It's required to contact vendor to enable SAML then finish the setup.

  10. In Sign On tab in the application that you have just created, click on Identity Provider Metadata to download the IdP metadata XML file. You will need it to complete the setup later.

Once you have provided identity provider metadata, a member of our team will import it to Conformity as a trusted identity provider and can begin verifying the integration.

Please contact support for additional help.