SAML 2.0 with Okta

This guide will step through the requirements for connecting your existing Okta account with SAML 2.0 SSO in Claret.

Step One: Within your enterprise/company Okta account, click on "Create App Integration" from the "Applications -> Applications" menu.

Step Two: On the Sign-in method modal, select SAML 2.0.

Step Three: Name your Claret integration application ("Claret" will work nicely), and feel free to use the logo image below for the logo. This is your own internal application, so whether you use the logo and what you decide to name the application is entirely up to you.

Step Four: Add the following details to the SAML Settings in the "Configure SAML" tab:

NOTE: All references to {your_tenant_id} in the URLs below should be replaced with the tenancy ID (which is a string) for your Claret instance.

For example, our demo instance is at plan.claret.app/demo. So, demo is our tenancy ID there. Our zymoeno instance is at plan.claret.app/zymoeno. So zymoeno is our tenancy ID there.

Therefore, everywhere that {your_tenant_id} is referenced below would be replaced with zymoeno for our zymoeno instance and demo for our demo instance.

General Section

  1. Single sign-on URL

    This will be https://plan.claret.app/{your_tenant_id}/saml2/callback

    (e.g. https://plan.claret.app/zymoeno/saml2/callback)

  2. Audience URI (SP Entity ID)

    This will be https://plan.claret.app/{your_tenant_id}/saml2/callback

    (e.g. https://plan.claret.app/zymoeno/saml2/callback)

  3. Default Relay State

    This will be https://plan.claret.app/{your_tenant_id}/saml2/callback

    (e.g. https://plan.claret.app/zymoeno/saml2/callback)

  4. Name ID format

    This will be EmailAddress

  5. Application username

    This will be Email

  6. Update application username on

    This will be Create and update

Attribute Statements

  • email [Unspecified] => user.email

  • firstName [Unspecified] => user.firstName

  • lastName [Unspecified] => user.lastName
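
The following is an added example, not part of Claret's or Okta's own tooling: a small Python check that builds the General Section values above for a given tenancy ID and compares them with what was typed into the Okta form. The field names are the labels from this guide; the sample input and the rule that a tenancy ID is a single URL path segment are assumptions.

```python
from urllib.parse import urlsplit

BASE = "https://plan.claret.app"  # host used throughout the guide

def expected_settings(tenant_id):
    """General Section values from Step Four with {your_tenant_id} filled in."""
    # Assumption (not stated in the guide): a tenancy ID is one URL path segment.
    if not tenant_id or any(c in tenant_id for c in "{}/?# "):
        raise ValueError(f"not a usable tenancy ID: {tenant_id!r}")
    callback = f"{BASE}/{tenant_id}/saml2/callback"
    return {
        "Single sign-on URL": callback,
        "Audience URI (SP Entity ID)": callback,
        "Default Relay State": callback,
        "Name ID format": "EmailAddress",
        "Application username": "Email",
        "Update application username on": "Create and update",
    }

def check_settings(tenant_id, entered):
    """Return a list of problems in the values typed into the Okta form."""
    problems = []
    for field, want in expected_settings(tenant_id).items():
        got = entered.get(field)
        if got is None:
            problems.append(f"{field}: missing")
        elif "{your_tenant_id}" in got:
            problems.append(f"{field}: placeholder was not replaced")
        elif want.startswith("https://") and urlsplit(got).scheme != "https":
            problems.append(f"{field}: must be an https URL")
        elif got != want:
            problems.append(f"{field}: expected {want!r}, got {got!r}")
    return problems

# Constructed sample: what an admin might have typed for the zymoeno tenant.
SAMPLE = {
    "Single sign-on URL": "http://plan.claret.app/zymoeno/saml2/callback",
    "Audience URI (SP Entity ID)": "https://plan.claret.app/demo/saml2/callback",
    "Default Relay State": "https://plan.claret.app/{your_tenant_id}/saml2/callback",
    "Name ID format": "EmailAddress",
    "Application username": "Email",
    "Update application username on": "Create and update",
}

if __name__ == "__main__":
    for problem in check_settings("zymoeno", SAMPLE):
        print(problem)
```

Run against the constructed sample, it reports the non-https sign-on URL, the Audience URI that points at a different tenant, and the unreplaced placeholder in the relay state.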

Step Five: Feedback Tab

Answer the questions in this tab as follows:

  1. Are you a customer or partner?

    Select: "I'm an Okta customer adding an internal app"

  2. App type

    Select "This is an internal app that we have created"

NOTE: Within your Okta application, you will be able to assign users and groups to the Claret SSO integration application under the "Assignments" tab.

Connect to Claret

Once the Integration application is set up, you will see some information in the "Sign On" tab. At the bottom of this screen, you will see a button that reads "View SAML setup instructions". Click this button.

This will open a separate window which will contain the data you will need to associate your new SSO application with Claret. That window will look like the image below.

An Admin user on the Claret application can now input these details as follows:

  1. Visit https://plan.claret.app/{your_tenant_id}/settings/application-maintenance/saml-manager

  2. You can click on Add SAML Provider on the main screen if this is your first SAML connection, or on the "Add SAML Provider" link in the menu in the upper-right-hand corner of the screen.

  3. Enter the information that you were provided in the "How to Configure SAML 2.0 for [Claret] Application" window above into the Claret SAML form.

Once the information is submitted, you will see a new option on the Claret login form. Anyone in your Okta application that you have granted access to the Claret integration will be able to use this new "Login with Okta" method to sign in to their existing Claret account.
