Set up Okta SSO for Opti ID

To use Opti ID, you must create a Security Assertion Markup Language 2.0 (SAML2) relationship. In this topic, Optimizely uses Okta as its identity provider (IDP), but you can use another IDP, and the setup should be similar. Contact Optimizely if you have any questions.

  1. Go to your Applications section:
    https://[your-domain].okta.com/admin/apps/active
  2. Select Create App Application and select SAML 2.0:

  3. In the General Settings step, enter a name. The App logo and App visibility settings are optional; set them as appropriate for your organization. Click Next.

  4. In the Configure SAML step, set the following properties:
    • Single sign-on URL – Enter a valid URL, like https://optimizely.com. (You will edit this later.)
    • Audience URI – Enter a valid URI. (You will edit this later.)
    • Default RelayState – optional
    • Name ID format – Select EmailAddress.
    • Application username – Select Email.
    • Update application username on – Create and update
    • If you are using Okta, you can leave user attribute statements and group attribute statements empty.  If you are using another IDP, you may need to add the required user attribute statement fields manually:
      • firstName – user.firstName
      • lastName – user.lastName
      • Email – user.email

  5. Click Next. The Sign On page of your application displays.
  6. Select View SAML setup instructions.  A new window/tab displays.
  7. Copy the Identity Provider Single Sign-On URL and Identity Provider Issuer (perhaps to a text document).

  8. Click Download Certificate and save the certificate.
  9. Close the Setup Instructions tab/window, but keep the Application tab open.
  10. Go to https://login.optimizely.com and log in to the Optimizely Admin Center using your technical contact email and password.
  11. Select SSO Settings.

  12. Enter the Issuer URL (from the Identity Provider Issuer that you copied) and SSO URL (from the Identity Provider Single Sign-On URL that you copied) and then select your certificate from your local filesystem. Click Submit.

  13. After clicking Submit, copy the values in Audience URL and Assertion Consumer Service URL (perhaps to a text file).

  14. Go back to your Application settings in your Okta/IDP instance and select the General tab. 
  15. Scroll down to SAML settings and click Edit.

  16. Click Next to advance to the Configure SAML step.
  17. Paste the value from Assertion Consumer Service URL into Single Sign On URL.
  18. Paste the value from Audience URL into Audience Restriction.
  19. Click Next, and Next again to save. The setup is complete.
  20. Test the setup.
    1. Open an Incognito window and go to https://login.optimizely.com
    2. Enter your email and click Next. It should redirect you to your organization's IDP.
      If there are any issues with signing in with your Incognito tab, double-check your settings.  If all else fails, click Remove Connection in your Optimizely Admin Center's SSO Settings to clear out your settings and try again.  Contact support for any help.
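
An added example (not Optimizely's or Okta's code) for the double-check in step 20: it compares a SAMLResponse captured from the test login against the values exchanged in steps 4, 12, 17 and 18. The `check_saml_response` helper, the URLs and the sample response are constructed placeholders, and the attribute check is meant for IDPs where the attribute statements were added manually.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
REQUIRED = ("firstName", "lastName", "Email")  # attribute names listed in step 4

def check_saml_response(b64_response, acs_url, audience, issuer, required_attrs=()):
    """Diagnostic only: lists setup mismatches; it does NOT verify the signature."""
    root = ET.fromstring(base64.b64decode(b64_response))  # a response you captured yourself
    problems = []
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    def attr(path, name):
        node = root.find(path, NS)
        return node.get(name) if node is not None else None
    def expect(label, actual, wanted):
        if actual != wanted:
            problems.append(f"{label}: got {actual!r}, expected {wanted!r}")
    expect("Destination (step 17)", root.get("Destination"), acs_url)
    expect("Recipient (step 17)", attr(".//saml:SubjectConfirmationData", "Recipient"), acs_url)
    expect("Audience (step 18)", text(".//saml:AudienceRestriction/saml:Audience"), audience)
    expect("Issuer (step 12)", text(".//saml:Assertion/saml:Issuer"), issuer)
    expect("NameID Format (step 4)", attr(".//saml:Subject/saml:NameID", "Format"), EMAIL_FORMAT)
    present = {a.get("Name") for a in root.iterfind(".//saml:Attribute", NS)}
    for name in sorted(set(required_attrs) - present):
        problems.append(f"Attribute statement missing: {name}")
    return problems

# Constructed values and response (not from a real tenant): the Audience is still a
# placeholder, the NameID format is not EmailAddress, and the Email attribute is absent.
ACS = "https://sp.example.test/acs"
AUDIENCE = "https://sp.example.test/audience"
ISSUER = "https://idp.example.test/issuer"
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
 Destination="{ACS}"><saml:Assertion><saml:Issuer>{ISSUER}</saml:Issuer>
<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">jdoe</saml:NameID>
<saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation>
</saml:Subject><saml:Conditions><saml:AudienceRestriction>
<saml:Audience>https://placeholder.example.test</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="firstName"/><saml:Attribute Name="lastName"/>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print("\n".join(check_saml_response(SAMPLE_B64, ACS, AUDIENCE, ISSUER, REQUIRED)))
```

An empty result means the captured response agrees with the configured values; it says nothing about whether the signature or certificate is valid.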