Use Okta as a SAML identity provider

If you use Okta to centralize authentication and authorization in your business, you can integrate Kinde as a service provider for these processes. This gives you the benefits of Kinde’s robust auth capabilities, while keeping the familiar Okta structure.

You need to set up an enterprise connection in Kinde for this, and add an Okta application. See steps below.

Step 1: Add an Okta connection in Kinde

Link to this section

Add a connection for a specific organization

Link to this section

1. Go to Organizations and open the organization.
2. In the menu, select Authentication, then select Add connection.
3. In the Add connection window, select New enterprise connection, then click Next.
4. Select the Okta connection and then select Next.
5. Next: ‘Step 2: Configure the connection’.

Add a connection that can be shared across multiple organizations

Link to this section

1. Go to Settings > Environment > Authentication.
2. Scroll to the Enterprise connection section and select Add connection. The Add connection window opens.
3. Select the Okta connection and then select Save.
4. On the tile for the new connection, select Configure.
5. Next: ‘Step 2: Configure the connection’.

Step 2: Configure the connection

Link to this section

1. Enter a name for the connection.

2. Enter a random value for the Entity ID, e.g. 870sa9fbasfasdas23aghkhc12zasfnasd.

   

3. Complete any optional fields you want, including the key attributes. You’ll add the IdP Metadata URL later.

4. Enter Home realm domains. This speeds up the sign in process for users of those domains. Note that all home realm domains must be unique across all connections in an environment. For more information about how, see Home realm domains or IdP discovery.

   

5. If you use home realm domains, the sign in button is hidden on the auth screen by default. To show the SSO button, select the Always show sign-in button option.

6. Copy the Assertion Customer Service (ACS) URL and the Entity ID somewhere you can access it later. You’ll need this to set up your Okta application.

7. Select provisioning options.

8. Select Save.

Step 3: Add and configure your Okta application

Link to this section

1. Sign in to the Okta admin console.

2. Select Applications > Applications.

   

3. Select Create App Integration. The Sign-in method options opens.

4. Select SAML 2.0 and then select Next. The app’s general settings opens.

   

5. Add a name in the App name field then select Next. The Configure SAML screen opens.

   

6. In the SAML settings section, enter the following values:

   1. Single sign-on URL: Paste the Assertion Customer Service (ACS) URL you copied from Kinde.
   2. Audience URI (SP Entity ID): Paste the Entity ID you copied from Kinde.
   3. Name ID format: Select EmailAddress.
   4. Application username: Select Email.
   5. Leave all other options to their default value and select Next.

7. In the next screen, select I’m a software vendor. I’d like to integrate my app with Okta, then select Finish. You will be redirected to the newly created application in Okta.

8. Select the Sign on tab and copy the metadata URL.

   

Step 3: Finish setting up your SAML connection in Kinde

Link to this section

1. Open the connection in Kinde. Via Organization > Authentication or via Settings > Authentication.
2. Scroll to the IdP metadata URL field and paste the Metadata URL you copied from Okta.
3. Enter the signed certificate and key information if you have it. You can do this later as well.
4. Switch on the connection. This will make it instantly available to users if this is your production environment.
   1. For environment-level connections, scroll down and select the apps that will use the auth method.
   2. For organization-level connections, scroll down and select if you want to switch this on for the org.
5. Select Save. You can now use Okta as an IdP for the selected applications.