This guide will walk you through configuring Okta to enable seamless access using your team's existing Okta credentials.
How to Set up Okta SSO
Create the Application
- Navigate to Applications, and select Applications.
- Click on Create App Integration.
For SAML
- Select SAML 2.0.
- Provide an App name and click Next.
- Enter Single sign-on URL: https://auth.creatopy.com/auth/realms/creatopy/broker/{YOUR_ALIAS}/endpoint and Audience URI (SP Entity ID): https://auth.creatopy.com/auth/realms/creatopy
- Once done, copy the Metadata URL, add it to Creatopy, and click Test connection & finish setup.
For OIDC
- Click on OIDC - OpenID Connect, and select Web Application.
- Set sign-in redirect URI and sign-out redirect URI to: https://auth.creatopy.com/auth/realms/creatopy/broker/{YOUR_ALIAS}/endpoint and click Allow everyone in the organization to join.
- Copy the Client ID and Client secret. For the autoconfig URL, copy the base URL from the browser (dev-{RANDOM-ID}-admin.okta.com) and add /.well-known/openid-configuration, e.g., https://dev-3189947-admin.okta.com/.well-known/openid-configuration
- Once done, copy the Metadata URL, add it to Creatopy, and click Test connection & finish setup.
Create Users
- Click Directory, and select People.
- Click Add Person and insert the credentials.
General Troubleshooting
OIDC
- If, after entering the email on the Sign-in with SSO page, you receive an error on an external page (from the external identity provider), the issue can be caused by:
  - The application on the identity provider page is not active.
  - Configuration issues with the Client ID, Client Secret, or the redirect URI.
  - You're already logged in with a user that does not have access to the application.
- If, after entering the credentials, you receive an error, it can be caused by:
  - The user doesn't have access to the application.
  - The redirect URI is not correct.
- If you are redirected to the "The confirmation link expired" Creatopy page after entering the credentials, there is usually a mismatch between some advanced settings on the SSO settings page and the ones on the external identity provider. Things to look out for:
  - Whether the client authentication method is the same on the application as on the SSO settings page.
  - If the Validate Signatures check is enabled on the SSO settings page, check the algorithm used for the signature. Another easy fix is to disable Validate Signatures.
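The two checks above can be run against the identity provider's discovery document, which locates the mismatch while Validate Signatures stays enabled. This is an added example, not Creatopy's or Okta's code: the settings keys (client_auth_method, validate_signatures, signature_algorithm) are hypothetical names for the SSO settings page fields, and the discovery document and ID token are constructed samples.

```python
import base64
import json

# Constructed sample of a discovery document; in practice load the JSON
# served at the autoconfig URL (/.well-known/openid-configuration).
SAMPLE_DISCOVERY = {
    "issuer": "https://idp.example.test",
    "jwks_uri": "https://idp.example.test/oauth2/v1/keys",
    "token_endpoint_auth_methods_supported": ["client_secret_basic", "client_secret_post"],
    "id_token_signing_alg_values_supported": ["RS256"],
}

def b64url_json(obj):
    """Encode a dict as an unpadded base64url JWT segment (used for the sample token)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed token with a placeholder signature: only the header is inspected here.
SAMPLE_ID_TOKEN = ".".join([b64url_json({"alg": "RS256", "kid": "constructed"}), b64url_json({}), "sig"])

def id_token_alg(token):
    """Read the 'alg' header of a JWT without verifying it (diagnostic only)."""
    header = token.split(".")[0]
    header += "=" * (-len(header) % 4)  # restore the base64 padding JWTs strip
    return json.loads(base64.urlsafe_b64decode(header)).get("alg")

def find_mismatches(discovery, settings, id_token=None):
    """Compare hypothetical SSO-settings values with the IdP's published metadata."""
    problems = []
    # Per OIDC Discovery, an omitted list means client_secret_basic only.
    methods = discovery.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if settings["client_auth_method"] not in methods:
        problems.append("client authentication method not offered by IdP: %s" % methods)
    if settings["validate_signatures"]:
        algs = discovery.get("id_token_signing_alg_values_supported", [])
        if settings["signature_algorithm"] not in algs:
            problems.append("signature algorithm not offered by IdP: %s" % algs)
        if not discovery.get("jwks_uri"):
            problems.append("no jwks_uri, so signatures cannot be checked")
        if id_token and id_token_alg(id_token) != settings["signature_algorithm"]:
            problems.append("ID token is signed with %s" % id_token_alg(id_token))
    return problems

if __name__ == "__main__":
    settings = {"client_auth_method": "client_secret_jwt", "validate_signatures": True, "signature_algorithm": "HS256"}
    for problem in find_mismatches(SAMPLE_DISCOVERY, settings, SAMPLE_ID_TOKEN):
        print("MISMATCH:", problem)
```
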
SAML
- If, after entering the email on the Sign-in with SSO page, you receive an error on an external page (from the external identity provider), usually there is an issue with:
  - The application on the identity provider page is not active.
  - Configuration issues with the Single sign-on service URL or the Service Provider Entity ID.
  - You're already logged in with a user that does not have access to the application.
- If, after entering the credentials, you receive an error, it can be caused by:
  - The user doesn't have access to the application.
  - Not entering the correct Single log-out URL on the external identity provider application.
- If you are redirected to the "The confirmation link expired" Creatopy page after entering the credentials, there is usually a mismatch between some advanced settings on the SSO settings page and the ones on the external identity provider application.
Important: If the SAML configuration is done on both sides using the URL on the XML file, there are usually no errors. If there are still some issues, the first things to look for are the Application being active on the external provider and the users having access to it.