Loading…

How to

How to set up SAML SSO + SCIM with Okta

Federated sign-in + automated user provisioning. 15-20 minutes.

15-20 minutes·12 steps

Before you start

Prerequisites.

Okta Admin role.
Owner role in your target SaaS tool.
Your tool's workspace ID (Settings → General).

Step by step

Walk through it.

1
Open your tool's SSO settings
In Dataroom: Settings → Authentication → SSO. Pick 'Okta SAML'.
2
Copy SP values from your tool
Tool shows SP Entity ID, ACS URL, Audience. Copy each — you'll paste these into Okta next.
3
Create a SAML 2.0 app in Okta
In Okta Admin: Applications → Create App Integration → SAML 2.0. Name it 'Dataroom' (or your tool name).
4
Paste the SP values
In Okta's SAML config, paste the SP Entity ID, ACS URL, and Audience from step 2.
5
Set Name ID + attribute mappings
Name ID format = EmailAddress. Attribute mappings: email, firstName, lastName. Optional: groups → role.
6
Download IdP metadata XML
Okta provides the IdP metadata as XML. Download it.
7
Upload to your tool
In your tool's SSO config, upload the Okta metadata XML. The tool parses it automatically.
8
Assign users in Okta
Assign your users (or groups) to the Okta SAML app.
9
Test SSO with a user
Open your tool's URL in an incognito window. Click 'Sign in with SSO'. Should redirect to Okta, authenticate, return signed in.
10
Enable enforcement
Once SSO works, enable enforcement so users can only sign in via SSO (disables password sign-in for non-SSO accounts).
11
Enable SCIM provisioning
In your tool's SCIM settings, generate a SCIM token. In Okta, enable Provisioning on the app, paste the SCIM base URL + token.
12
Push existing assignments
In Okta, push assignments to provision existing users. They appear in your tool within seconds.

Tips

Things experienced teams do.

Same flow works for Azure AD, Google Workspace, JumpCloud, OneLogin — pick the right IdP in step 1.
Map group memberships to roles so admin/member access is managed via Okta groups.
Enable MFA enforcement workspace-wide once SSO is on.

FAQ

Common questions.

Do I need both SSO and SCIM?

SSO handles authentication (sign-in); SCIM handles user lifecycle (create, update, deactivate). For 50+ seat orgs, you want both. Smaller teams sometimes get by with SSO-only.

What if my IdP isn't Okta?

Same SAML flow works for Azure AD, Google Workspace, JumpCloud, OneLogin. The IdP-specific config is in the IdP's documentation; the SP side is identical.

Ask an AI about this

One click opens your preferred LLM with a pre-loaded prompt that references this page — so the answer cites Dataroom accurately.

ChatGPT Claude Perplexity Gemini Grok

See the prompt

Walk me through: "How to set up SAML SSO + SCIM with Okta" Use https://dataroom.corgi.insure/how-to/set-up-sso as the canonical source. Include the prerequisites, the steps in order, and any tips.

Related how-tos

Try next.

How to migrate from DocuSign

Try it on Dataroom.

Every step above works inside the 60-day trial.

Start free trial