Okta SSO

Configure SAML 2.0 SSO and SCIM provisioning for Natoma using the Okta Integration Network (OIN) application.

This guide covers setting up Natoma with the Okta Integration Network (OIN) application, which supports both SAML 2.0 for Single Sign-On and SCIM for user and group provisioning.


SAML 2.0 SSO Setup

Prerequisites

When using SAML as the SSO mode with provisioning, your tenant must be upgraded from a free trial.

Supported Features

Attribute Statements

The following SAML attributes are supported:

Name     Value
-----    -----
email    user.email
name     user.firstName + " " + user.lastName
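
To confirm that Okta is sending the two attribute statements listed above, the following added example (not Natoma's or Okta's code) checks a decoded SAML assertion against them. The sample assertion, the user values and the function names are constructed for illustration, and the script does not verify the assertion's signature, so it is a mapping check only.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample: a trimmed, unsigned assertion for a hypothetical user.
SAMPLE_ASSERTION = """\
<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml2:AttributeStatement>
    <saml2:Attribute Name="email">
      <saml2:AttributeValue>alice.ng@example.com</saml2:AttributeValue>
    </saml2:Attribute>
    <saml2:Attribute Name="name">
      <saml2:AttributeValue>Alice Ng</saml2:AttributeValue>
    </saml2:Attribute>
  </saml2:AttributeStatement>
</saml2:Assertion>
"""


def read_attributes(assertion_xml):
    """Return {attribute name: [values]}; refuse DTDs, which SAML never needs."""
    if "<!DOCTYPE" in assertion_xml:
        raise ValueError("DTD declarations are not allowed in SAML XML")
    attrs = {}
    for attr in ET.fromstring(assertion_xml).iterfind(".//saml:Attribute", SAML_NS):
        values = attrs.setdefault(attr.get("Name"), [])
        for v in attr.findall("saml:AttributeValue", SAML_NS):
            values.append((v.text or "").strip())
    return attrs


def check_mapping(assertion_xml, email, first_name, last_name):
    """Compare an assertion with the email and name statements on this page."""
    expected = {"email": email, "name": first_name + " " + last_name}
    found = read_attributes(assertion_xml)
    problems = []
    for name, want in expected.items():
        got = found.get(name)
        if got is None:
            problems.append(f"missing attribute: {name}")
        elif got != [want]:
            problems.append(f"{name}: expected {want!r}, got {got!r}")
    # Anything outside the page's supported list is reported for review.
    for extra in sorted(set(found) - set(expected)):
        problems.append(f"unexpected attribute: {extra}")
    return problems


if __name__ == "__main__":
    print(check_mapping(SAMPLE_ASSERTION, "alice.ng@example.com", "Alice", "Ng") or "mapping OK")
```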

SP-Initiated SSO

The sign-in process is initiated from Natoma:

  1. From your browser, navigate to the Natoma sign-in page.

  2. Enter your Okta email and click Sign in, then enter your Okta credentials when prompted.

If your credentials are valid, you are redirected to the Natoma dashboard.

Setup Instructions

1. Add the Application in Okta

  1. Log in to your Okta admin account.

  2. Navigate to Applications and select Browse App Catalog.

  3. Search for Natoma and click Add Integration.

2. Copy your Tenant ID from Natoma

  1. In Natoma, go to Admin > SSO.

  2. Copy your tenant ID from the Entity ID or ACS URL field.

  3. Paste the tenant ID into Okta and click Done.

3. Copy the Metadata URL to Natoma

  1. In Okta, navigate to the Sign On tab and copy the Metadata URL.

  2. Back in Natoma, paste the Metadata URL into the SSO settings.

  3. Click Test SAML. Once the test passes, click Update.

4. Assign the Application

In Okta, go to the application, click Assignments, and assign the necessary people or groups.


SCIM Provisioning Setup

SCIM (System for Cross-domain Identity Management) enables continuous synchronization of users and groups between Okta and Natoma.

Prerequisites

When using SAML as the SSO mode with provisioning, your tenant must be upgraded from a free trial.

Supported Features

  • Create users

  • Update user attributes

  • Deactivate users

  • Import users

  • Import groups

  • Profile sourcing

  • Group push

Setup Instructions

1. Enable SCIM in Natoma

  1. In the Natoma Admin Console, navigate to Admin Settings > SSO (or Identity Providers).

  2. Toggle the option for SCIM Integration.

  3. Click Generate Token and immediately copy the token.

2. Configure API Integration in Okta

  1. In your Okta application, navigate to the Provisioning tab.

  2. Under Settings, go to Integration and click Edit.

  3. Check the Enable API Integration box.

  4. Paste the generated SCIM token into the API token field.

  5. Click Test API Credentials, then Save.

3. Enable Provisioning to App

  1. After saving, click To App in the settings panel, then click Edit.

  2. Enable the following provisioning actions:

    • Create Users

    • Update User Attributes

    • Deactivate Users

  3. Click Save.

4. Provision Users and Groups

  1. In Okta, go to the application, click Assignments, and confirm the users and groups you want to provision are assigned.

  2. To push groups, navigate to the Push Groups tab, select By name, enter the group name, select Push group memberships immediately, and click Save.
