Configure SAML with Okta

This page explains how to integrate Okta as a SAML Identity Provider to authenticate your users on Reemo.

Important

This feature is available starting from the Enterprise plan.

Note

Depending on your deployment mode, SAML can be enabled at the instance level (Private Cloud / On-Prem) or at the organization level (Public Cloud).
Screenshots and labels may vary slightly depending on your interface version.

Configure SAML in Reemo

Case 1: Instance level (Private Cloud / On-Prem)
Configure SAML in the instance’s Admin Area, under the Connectors menu.

Configure SAML in Connectors from the instance Admin Area.

Case 2: Organization level (Public Cloud)
From your Organization > Connectors, configure SAML for this organization.

Configure SAML in Organization > Connectors.

Create the SAML Connector in Reemo

  1. Create a new Connector of type SAML Connector.

  2. Fill in the basic fields:

  • Friendly Name: the name displayed to your users (e.g., Okta).

  • Issuer / App URI ID: reemo.

  • The other fields (e.g., Entry Point, Certificate) will be filled in after configuring Okta.


Fill in the basic fields of the SAML connector.



Enter the friendly name and the Issuer (reemo), then save.

  3. Validate to generate the connector’s Callback URL. You will need this in Okta (Single sign-on URL).


Copy the Callback URL generated by the SAML connector.

Configure the SAML Application in Okta

  1. Log in to your Okta portal.

  2. Go to Applications > Create App Integration > SAML 2.0.


Create a SAML 2.0 integration in Okta.

  3. Give the application a name (e.g., Reemo) and click Next.

  4. Fill in the main SSO settings:

  • Single sign-on URL: paste the Callback URL from the Reemo connector.

  • Audience URI (SP Entity ID): reemo (the same value as the Issuer / App URI ID set on the Reemo connector).

  • Application username: Email.

  5. Configure the Attribute Statements as follows:

     Name       Name format    Value
     email      Unspecified    user.email
     fullname   Unspecified    user.lastName


Fill in the Callback URL, Audience, and Attribute Statements.

  6. Complete the Okta application creation (Next then Finish).

  7. From the created application, go to the Sign On tab and download the Metadata (XML) from the provided URL.


Download the SAML metadata (XML) from Okta.

  8. Copy the X.509 Certificate and the Entry Point (SSO URL).


Retrieve the X.509 certificate and Entry Point from Okta.

  9. Complete the Reemo SAML connector. Enable the connector (check Enabled) and click Update to save.


Enable the connector after pasting the Entry Point and Certificate from Okta.

Provision Users

There are two approaches to grant SSO access to users.

Approach A: Explicit provisioning from the organization
Use the Provision SAML User button to add users by entering their email.

Provision SAML users directly in the organization.


Add users by email through the provisioning popup.

Approach B: Just-In-Time (JIT) Provisioning
Enable Just In Time Provisioning on the connector: accounts are created automatically on the first successful SSO login.

Enable Just In Time Provisioning to create accounts at first login.

Sign in via SAML

Once the connector is active and users are provisioned (or JIT enabled), they can sign in:

  • General portal access (Private Cloud / On-Prem):

    https://[portal_url]/
    
  • Direct access to the organization (Public Cloud):

    https://[portal_url]/login/[organization_shortname]
    

Select SAML and click Next to be redirected to Okta.