SAML 2.0 with Okta

This guide will step through the requirements for connecting your existing Okta account with SAML 2.0 SSO in Claret.

Step One: Within your enterprise/company Okta account, click on "Create App Integration" from the "Applications -> Applications" menu.

Create App Integration

Step Two: On the Sign-in method modal, select SAML 2.0

Select SAML 2.0 as the Sign-in method

Step Three: Name your Claret integration application ("Claret" will work nicely), and feel free to use the logo image below for the logo. This is your own internal application, so whether you use the logo and what you decide to name the application is entirely up to you.

Name your Integration Application and optionally use our Logo
Feel free to download this image for use in your Integration Application

Step Four: Add the following details to the SAML Settings in the "Configure SAML" tab:

NOTE: All references to {your_tenant_id} in the URLs below should be replaced with the tenancy ID (which is a string) for your Claret instance.

For example, our demo instance is at plan.claret.app/demo. So, demo is our tenancy ID there. Our zymoeno instance is at plan.claret.app/zymoeno. So zymoeno is our tenancy ID there.

Therefore, everywhere that {your_tenant_id} is referenced below would be replaced with zymoeno for our zymoeno instance and demo for our demo instance.

General Section

  1. Single sign-on URL

    This will be https://plan.claret.app/{your_tenant_id}/saml2/callback

    (e.g. https://plan.claret.app/zymoeno/saml2/callback)

  2. Audience URI (SP Entity ID)

    This will be https://plan.claret.app/{your_tenant_id}/saml2/callback

    (e.g. https://plan.claret.app/zymoeno/saml2/callback)

  3. Default Relay State

    This will be https://plan.claret.app/{your_tenant_id}/saml2/callback

    (e.g. https://plan.claret.app/zymoeno/saml2/callback)

  4. Name ID format

    This will be EmailAddress

  5. Application username

    This will be Email

  6. Update application username on

    This will be Create and update

Attribute Statements

  • email [Unspecified] => user.email

  • firstName [Unspeficified] => user.firstName

  • lastName [Unspecified] => user.lastName

Integration Details - All required - Replace [TENANT ID] with your tenancy name

Step Five: Feedback Tab

Answer the questions in this tab as follows:

  1. Are you a customer or partner?

    Select: "I'm an Okta customer adding an internal app"

  2. App type

    Select "This is an internal app that we have created"

Feedback Tab answers

NOTE: within your Okta application, you will be able to assign users and groups to the Claret SSO integration application under the "Assignments" tab.

Your company users can be assigned to the SSO integration access in the "Assignments" tab of the Claret Application integration

Connect to Claret

Once the Integration application is set up, you will see some information in the "Sign On" tab. At the bottom of this screen, you will see a button that reads "View SAML setup instructions". Click this button.

Click the "View SAML setup instructions"

This will open a separate window which will contain the data you will need to associate your new SSO application with Claret. That window will look like the image below.

The information on this screen will be input into Claret

An Admin user on the Claret application can now input these details as follows:

  1. Visit https://plan.claret.app/{your_tenant_id}/settings/application-maintenance/saml-manager

SAML Manager page available to admins on Claret
  1. You can click on Add SAML Provider on the main screen if this is your first SAML connection, or on the "Add SAML Provider" link in the menu in the upper-right-hand corner of the screen.

Click on "Add SAML Provider" via one of the options above
  1. The form to add the information that you were provided in the "How to Configure SAML 2.0 for [Claret] Application" window above can now be entered into the Claret SAML form.

Enter the info in the form and click Save

Once the information is submitted, you will see a new option on the Claret login form. Anyone in your Okta application that you have granted access to the Claret integration will be able to use this new "Login with Okta" method to sign in to their existing Claret account.

Claret users that are listed in your Okta application Assignment list will be able to use this button to log in.

Last updated

Was this helpful?