Set up SSO with Okta

This guide covers the complete SSO setup between Enpass Admin Console and Okta. Follow each phase in order — you'll move between both portals during the process.

You'll need:

Phase 1: Start the SSO Connector in Enpass

  1. Log in to the Enpass Admin Console.

  2. Navigate to Settings > Single Sign-On.

  3. Click Set Up to open the SAML Configuration dialog.

  4. Enter a name for your configuration (e.g., Okta SSO), select Okta as the Identity Provider, and click Continue.

  5. On the next screen, you'll see your SP Entity ID and SP Assertion Consumer Service (ACS) URL. Keep this page open — you'll need these values in Phase 2.


Phase 2: Configure the SAML App in Okta

Step 1: Create a SAML Integration

  1. In the Okta Admin Console, go to Applications > Applications.

  2. Click Create App Integration.

  3. Select SAML 2.0 as the sign-in method and click Next.

  4. Enter a name for the integration (e.g., Enpass Admin Console SSO) and click Next.

Step 2: Enter Enpass SP Details

  1. Paste the ACS URL from the Enpass Admin Console into the Single Sign On URL field.

  2. Paste the SP Entity ID from the Enpass Admin Console into the Audience URI (SP Entity ID) field.

  3. Set the Name ID format to EmailAddress.

Step 3: Finish the Integration

  1. On the Feedback page, no changes are needed. Click Finish.

Step 4: Configure Attribute Statements and Copy Metadata URL

  1. The new app will appear under Active Apps in the Applications tab. Open it.

  2. Go to the Sign On tab. In the Attribute Statements section, click Add expression.

    1. In the Name field, enter Email.

    2. In the Expression field, enter user.profile.email.

    3. Click Save.

  3. Copy the Metadata URL from the Settings section on the same tab. You'll use this in Phase 3.

Step 5: Assign Users

  1. Go to the Assignments tab.

  2. Assign all admins who need SSO access to the Enpass Admin Console to this application.

Phase 3: Finish Setup in Enpass

  1. Return to the Enpass Admin Console SSO setup page (where you left off in Phase 1).

  2. Paste the Metadata URL copied from Okta into the Metadata URL field.

  3. Click Add Configuration to save.

Test the Configuration

  1. Click Test Configuration, then click Start Test. A new tab will open and run a test sign-in through Okta. The tab closes automatically when the test is complete.

If the test fails, verify that the ACS URL and SP Entity ID in Okta exactly match the values from Enpass, and that the email attribute statement is correctly configured.
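To narrow down a failed test, the checks above can be run against the SAMLResponse form field captured from the test sign-in (for example, from the browser's network tab). This is an added example, not code from Enpass or Okta. The URLs are constructed placeholders, the function names are hypothetical, and it assumes an unencrypted assertion in which Okta uses the Single Sign On URL for both Destination and Recipient.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

def check_response(b64_response, acs_url, sp_entity_id):
    """List mismatches in a captured SAMLResponse. Diagnostic only: no signature check."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    # Phase 2, Step 2.1: the Single Sign On URL must equal the Enpass ACS URL exactly.
    if root.get("Destination") != acs_url:
        problems.append(f"Destination {root.get('Destination')!r} != ACS URL")
    scd = root.find(".//a:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != acs_url:
        problems.append("SubjectConfirmationData Recipient != ACS URL")
    # Step 2.2: the Audience URI must equal the SP Entity ID (trailing slash included).
    audiences = [e.text for e in root.findall(".//a:Audience", NS)]
    if sp_entity_id not in audiences:
        problems.append(f"Audience {audiences!r} does not contain SP Entity ID")
    # Step 2.3: Name ID format EmailAddress maps to this URN.
    name_id = root.find(".//a:Subject/a:NameID", NS)
    if name_id is None or name_id.get("Format") != EMAIL_FORMAT:
        problems.append("NameID Format is not emailAddress")
    # Step 4: attribute statement named Email (matched with the guide's exact spelling).
    values = root.findall(".//a:Attribute[@Name='Email']/a:AttributeValue", NS)
    if not any(v.text and v.text.strip() for v in values):
        problems.append("Attribute 'Email' missing or empty")
    return problems

# Constructed sample values; use the ones shown in your Enpass Admin Console.
ACS = "https://sp.example.test/saml/acs"
ENTITY = "https://sp.example.test/saml/metadata"

def sample(audience=ENTITY, attr_name="Email"):
    """Build a constructed, unsigned response shaped like an IdP test sign-in."""
    xml = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}" Destination="{ACS}">
 <a:Assertion><a:Subject>
   <a:NameID Format="{EMAIL_FORMAT}">admin@example.test</a:NameID>
   <a:SubjectConfirmation><a:SubjectConfirmationData Recipient="{ACS}"/></a:SubjectConfirmation>
  </a:Subject>
  <a:Conditions><a:AudienceRestriction><a:Audience>{audience}</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement><a:Attribute Name="{attr_name}">
   <a:AttributeValue>admin@example.test</a:AttributeValue></a:Attribute></a:AttributeStatement>
 </a:Assertion></p:Response>"""
    return base64.b64encode(xml.encode())

if __name__ == "__main__":
    print(check_response(sample(audience=ENTITY + "/"), ACS, ENTITY))
```

An empty list means the captured response agrees with the values entered in both portals; each string in a non-empty list points at the Okta field to recheck.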

Activate SSO

  1. Once the test passes, click Activate to enable SSO login for Admin Console users.

Enforce SSO (Optional)

  1. To make SSO the only permitted login method, enable the Enforce SSO toggle on the SSO settings page. This disables email/password login for all admins.