How can I provision users from Okta to MetaAccess?

MetaAccess offers an integration with a 3rd-party Single Sign-on Service (SSO). This enables an account to provision new users to manage your account. When a user logs into the MetaAccess console through your own SSO service, MetaAccess will provision that user as a read-only user on your account. You can update the user's role later.

MetaAccess uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0), so that you can integrate easily with any large identity provider that supports SAML 2.0.

To get started, log into Okta and create an application for MetaAccess.

1. Log into Okta as an administrator

2. Navigate to Admin > Applications

3. Click the Add Application button


4. Click the Create New App button


5. Select Web for the Platform option and SAML 2.0 for the Sign on method then click Create


6. Enter the App Name, for example MetaAccess. Then click Next. Optional: you can update the app logo by using the Upload Logo button if you wish.


7. Enter as Single Sign On URL and Audience URI. You have to update the Single Sign On URL after you configure the identity provider on the MetaAccess console

8. Select EmailAddress for Name ID Format and Email for Application username. Then click Next


9. Select the option " I'm an Okta customer adding an internal app". Then click Finish


10. On the Sign On tab of the app you just created, click on the Identity Provider metadata link and save it as an xml file, for example: Okta.xml. You can click on View Set Up instructions to get necessary information if you would like to configure your identity provider step by step.


Configure Okta on MetaAccess:

11. Log into the MetaAccess console with an admin permission

12. Navigate to User management > SSO

13. On Control tab, enable "Enable Single Sign On" checkbox

14. Enter an IdP Name, for example: Okta

15. Click Choose File to import the identity provider metadata you got earlier in step #10 . Select the file you saved in step #10, Okta.xml. If the file is valid then IdP certificate, Issuer, and IdP SSO URL will pop up.


16. Click the Save button.

17. After you save your changes successfully, MetaAccess generates a MetaAccess Login URL. Copy this URL and save it for later use.


18. Switch to Okta Admin

19. Navigate to the application you created earlier, MetaAccess, select the General tab then click the Edit button on the SAML Settings section


20. Click Next on the first screen

21. Replace the Single Sign On URL with the MetaAccess Login URL you got in step #17 from the MetaAccess console and Save this change.


DONE. Now you need to assign people/groups who can access this application on Okta.

If You couldn't import the identity provider information from the IdP metadata file, you can get information from the Set up instruction page of the app and copy IdP certificate, Issuer, and IdP SSO URL to the MetaAccess console