> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sprig.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Okta

To enable SSO with Okta, complete the following:

1. Contact [support@sprig.com](mailto:support@sprig.com) to claim the email domain(s) that your SSO users will use to sign in.
2. Log into your Sprig account and navigate to the **Settings >** [**Single Sign-On**](https://app.sprig.com/settings/sso).
3. Select **SSO Enabled** and click **Save**.
4. An **Important Values** section should appear.  Take note of the values provided.  You will use them to configure your Okta integration in Step 10.
5. Log into your Okta account and go to the **Admin** section. Open the side menu with the hamburger button in the top left corner, and navigate to **Applications > Applications**.

<img src="https://mintcdn.com/sprig/_1uWncsTBTa1sJbM/images/bfb6273-Screen_Shot_2022-08-19_at_10.33.43_AM.png?fit=max&auto=format&n=_1uWncsTBTa1sJbM&q=85&s=2192f9780174f9c5ab9a32c944d6fbe5" alt="" width="882" height="584" data-path="images/bfb6273-Screen_Shot_2022-08-19_at_10.33.43_AM.png" />

6. Click on **Create App Integration**.

<img src="https://mintcdn.com/sprig/8rOBJC6NeyY76ru8/images/9ea2450-Screen_Shot_2022-08-19_at_10.34.04_AM.png?fit=max&auto=format&n=8rOBJC6NeyY76ru8&q=85&s=4175454977a23e64486f4ef584185aad" alt="" width="1418" height="286" data-path="images/9ea2450-Screen_Shot_2022-08-19_at_10.34.04_AM.png" />

7. A modal window should appear.  Select **SAML 2.0** for the sign-in method.  Then click **Next**.

<img src="https://mintcdn.com/sprig/IibAYOcivdkTylH0/images/66b0adb-Screen_Shot_2022-08-19_at_10.36.43_AM.png?fit=max&auto=format&n=IibAYOcivdkTylH0&q=85&s=c33bc9bfd34a94f8b7acd63f6d131b99" alt="" width="1932" height="1136" data-path="images/66b0adb-Screen_Shot_2022-08-19_at_10.36.43_AM.png" />

8. Enter **Sprig** for the App Name, and click **Next**.
9. The next screen is where you will input the SAML settings.  Use the values you were provided on the Sprig SSO settings page in Step 4 to enter the **ACS URL** into the **Single sign on URL** field, and the **Entity URI** into the **Audience URI (SP Entity ID)** field. Select **EmailAddress** from the **Name ID format** dropdown, then select **Email** from the **Application username** dropdown. Do not edit the checkboxes under the **Single sign on URL** field.

<img src="https://mintcdn.com/sprig/8rOBJC6NeyY76ru8/images/9e6de11-Screen_Shot_2022-08-19_at_10.38.51_AM.png?fit=max&auto=format&n=8rOBJC6NeyY76ru8&q=85&s=4e322b771e74079795573cc05365067f" alt="" width="2080" height="1436" data-path="images/9e6de11-Screen_Shot_2022-08-19_at_10.38.51_AM.png" />

10. In the attributes section add an attribute so that there are two.  Enter “name” and “role” for the **Name** fields.  Leave the **Name format** fields as **Unspecified**.  In the **Value** fields enter [Okta Expression Language](https://developer.okta.com/docs/reference/okta-expression-language/) expressions that will provide the name and role for your Sprig users.  The “role” field needs to evaluate to one of:  `admin` , `editor` , `developer` ,  or  `viewer` . Sprig roles are described [here](/docs/account-and-settings/team-management-roles/roles-permissions). If you are not sure what to enter here you can add `String.join(" ", user.firstName, user.lastName)` for **name** and  `admin`  for **role**.

<img src="https://mintcdn.com/sprig/IibAYOcivdkTylH0/images/38e1e43-Screen_Shot_2022-08-19_at_10.50.41_AM.png?fit=max&auto=format&n=IibAYOcivdkTylH0&q=85&s=e9aa99c0eb70225a55d7622b5f4785e6" alt="" width="1474" height="668" data-path="images/38e1e43-Screen_Shot_2022-08-19_at_10.50.41_AM.png" />

11. Leave the **Group Attribute Statements** section blank. Scroll down to the bottom of the page and click **Next**.
12. Fill out the necessary fields in the **Feedback** section and click **Finish**.
13. You should now be taken to your new app’s integration page. Make sure you're on the **Sign On** tab, then scroll down and click **View SAML Setup Instructions**

<img src="https://mintcdn.com/sprig/_1uWncsTBTa1sJbM/images/e4b5bc7-Screen_Shot_2022-08-19_at_10.55.47_AM.png?fit=max&auto=format&n=_1uWncsTBTa1sJbM&q=85&s=5eb06be0fae6042377a34146b06f461a" alt="" width="596" height="388" data-path="images/e4b5bc7-Screen_Shot_2022-08-19_at_10.55.47_AM.png" />

14. A new tab will open with configuration values.  You will be using these values to configure Sprig SSO in the next step.

<img src="https://mintcdn.com/sprig/IibAYOcivdkTylH0/images/6f12460-Screen_Shot_2020-10-19_at_2.17.19_PM.png?fit=max&auto=format&n=IibAYOcivdkTylH0&q=85&s=8f8fff0d3438b2ff91409181e4760df3" alt="" width="1358" height="690" data-path="images/6f12460-Screen_Shot_2020-10-19_at_2.17.19_PM.png" />

15. Navigate to the Sprig [SSO Settings Page](https://app.sprig.com/settings/sso).  Copy the values from the previous step into the corresponding fields in the “Your Identity Provider” section

* **Identity Provider Single Sign-On URL → Entry Point URL**
* **Identity Provider Issuer → Issuer URL**
* **X.509 Certificate → X.509 Certificate**

16. Click the **Save** button in the **Your Identity Provider section**. You now can assign users in the **Assignments** tab of your Okta application integration.

<img src="https://mintcdn.com/sprig/_ephcOEAcdx-CRO7/images/1e2ed44-Screen_Shot_2022-08-19_at_11.00.20_AM.png?fit=max&auto=format&n=_ephcOEAcdx-CRO7&q=85&s=947c5f0ade52e99c387823b3966bdb13" alt="" width="2066" height="776" data-path="images/1e2ed44-Screen_Shot_2022-08-19_at_11.00.20_AM.png" />

Users that are assigned to the Okta application integration will now be able to sign in using the Sprig [SSO login page](https://app.sprig.com/login/sso).