Okta

Okta SAML

This article will walk you through how to configure Braze to use Okta for single sign-on.

Okta connects any person with any application on any device. It’s an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications. With Okta, IT can manage any employee’s access to any application or device.

Requirements

Requirement	Details
Okta turned on for your account	Reach out to your Braze Account Manager to have this turned on for your account
Okta Admin Privileges	Please make sure you have Admin Privileges before setting up Okta
Braze Admin Privileges	Please make sure you have Admin Privileges before setting up Okta

Step 1: Configure Braze

Step 1a: Log in to your Braze Account and Navigate to Security Settings

Log into your Braze account using an admin account.

Click on your user name, then select Company Settings from the dropdown menu. Next, select the Security Settings tab. Toggle the green SAML SSO switch to ON from the right side of the page.

Okta SAML

Step 1b: Edit SAML SSO Settings

From your Okta Admin Dashboard, you will be provided a Target URL (Login URL) and x.509 certificate which you must input into your Braze account.

Requirement	Details
`SAML Name`	This will appear as the button text on the login screen. This is typically your IdP name, For example, “Okta”.
`Target URL`	This is the Login URL provided by Okta Admin Dashboard.
`Certificate`	The `x.509` PEM encoded certificate is provided by your IdP. You must copy and paste it into this field.

Enable SAML SSO

Select Save Changes at the bottom of the page once completed.

Step 2: Enable the IdP-initiated Flow

Next, you must create your Braze API Key with sso.saml.login permission enabled.

If you do not already have such a Braze API Key, one can be created by going to the Developer Console in Settings, then click Create New API Key.
From here, scroll down to the SSO section and check the sso.saml.login option and then save the API Key.

SSO Set Up