# SSO using Okta

{% hint style="success" %}
You need Admin access to your Okta Organisation and DinMo Organisation to be able to use the Okta SSO.
{% endhint %}

### In the Okta Dashboard

#### Step 1: Create a custom SAML application for DinMo

1. Sign in to your Okta account as an admin
2. Go to the **applications dashboard**

   <figure><img src="/files/uC32lO5o6SizsP139lAS" alt="" width="563"><figcaption></figcaption></figure>
3. Click "**Create app integration**"
4. Choose **SAML 2.0** app from the suggested options
5. Enter your **general settings**: name, logo, visibility

   <figure><img src="/files/sBvfOTiSSJkBJbHo0bXH" alt="" width="563"><figcaption></figcaption></figure>
6. Click **Next**, and enter your **SAML settings**: single-sign-on URL, Audience URI, Name ID format, "Application username" and "Update application username on".

   <figure><img src="/files/7GZwFtG27q1DpJqy9Iya" alt="" width="563"><figcaption></figcaption></figure>

   Make sure to enter these parameters:

| **Name ID format**                 | EmailAddress      |
| ---------------------------------- | ----------------- |
| **Application username**           | Email             |
| **Update application username on** | Create and update |

7. Enter your **attribute statements**

   At this step, an `email-to-user.email` statement is required.

   <figure><img src="/files/x7S5cZTxH3uzRSZAvvb5" alt="" width="563"><figcaption></figcaption></figure>

#### Step 2: Assign people to your SAML app

To let a user sign in through the newly created application, you must add them in the **Assignments** tab under the Applications / Your application menu.

<figure><img src="/files/l2xq6ZQ0GtDZsZ7SPf4J" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="warning" %}
The key point here is that you must specify the **user's email address** as the username, as suggested by Okta.
{% endhint %}

### In the DinMo Application

#### Step 3: Configure Okta SSO in DinMo

1. Sign in to your [DinMo workspace](https://app.dinmo.io) as an organization admin
2. Go to your organization management space

* Click on your workspace name in the top left navigation menu.
* Select **Manage Workspaces**.

<figure><img src="/files/YNOu2GfyT6jmxKq89f0G" alt="" width="222"><figcaption></figcaption></figure>

* Go to the **Organization Settings** tab.

3. Click the **Okta SSO** button

<figure><img src="/files/Z2m2z6tDMMjTFZc0XrSz" alt="" width="563"><figcaption></figcaption></figure>

4. Fill in the Authentication Settings:

* **SSO Portal Key**: Choose a unique key to identify your SSO organization (e.g., `<company-name>_SSO`).

{% hint style="danger" %}
**The key must be kept safe and shared with your teams**. It allows you to log in to your DinMo account, either by using a URL such as <https://app.dinmo.io/sso?key=dinmo> or by entering it in the field provided when logging in via SSO.
{% endhint %}

* **Sign on URL**: Enter the SSO URL collected in Okta
* **Issuer**: Enter the Issuer collected in Okta
* **Certificate**: Enter the certificate, copied directly from the dashboard

  <figure><img src="/files/FlKYZVz2ph3jZupn3MLn" alt="" width="375"><figcaption></figcaption></figure>

5. Click **Save**
6. Collect the generated values:
   * **DinMo’s Entity ID**
   * **DinMo’s Callback URL**
   * **Your Portal URL**: The URL used to connect to your DinMo workspace through SSO.
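
The following Python script, added here as an illustration and not part of DinMo's or Okta's tooling, reads an Okta IdP metadata XML export and extracts the three values entered in the Authentication Settings above (Sign on URL, Issuer, Certificate), plus a SHA-256 fingerprint for comparing the pasted certificate. It assumes that DinMo's Issuer corresponds to the metadata `entityID` and that the HTTP-POST endpoint is the Sign on URL; the sample metadata, host name, IDs and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: placeholder host/IDs, and bytes that are NOT a real certificate.
FAKE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="http://www.okta.com/exampleIssuerId">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{base64.b64encode(FAKE_DER).decode()}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
    <md:SingleSignOnService Binding="{POST}"
        Location="https://example.okta.com/app/example_app/exampleIssuerId/sso/saml"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

def dinmo_fields(metadata_xml):
    """Extract the Sign on URL, Issuer and Certificate from IdP metadata XML."""
    # Intended for metadata you exported from your own Okta org, not untrusted XML.
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("not IdP metadata: no IDPSSODescriptor")
    sso = idp.find(f"md:SingleSignOnService[@Binding='{POST}']", NS)
    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if sso is None or cert is None:
        raise ValueError("missing HTTP-POST SSO endpoint or signing certificate")
    url = sso.get("Location", "")
    if not url.startswith("https://"):
        raise ValueError(f"Sign on URL is not HTTPS: {url!r}")
    b64 = "".join((cert.text or "").split())
    der = base64.b64decode(b64, validate=True)  # rejects non-base64 characters
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *textwrap.wrap(b64, 64),
                     "-----END CERTIFICATE-----"])
    formats = [(e.text or "").strip() for e in idp.findall("md:NameIDFormat", NS)]
    return {"sign_on_url": url, "issuer": root.get("entityID"),
            "certificate_pem": pem, "cert_sha256": hashlib.sha256(der).hexdigest(),
            "email_name_id": EMAIL_FORMAT in formats}

if __name__ == "__main__":
    print(dinmo_fields(SAMPLE_METADATA))
```

`email_name_id` reports whether the metadata advertises the EmailAddress Name ID format that Step 1 requires.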

#### Step 4: Limit Access to Authorized Users (Optional)

For additional security, you can restrict access to your DinMo workspace to users who are authorized in your IdP. To enable this, toggle the **Enable SAML-only authentication** option.

***

{% hint style="success" %}
:tada: Congratulations! You have successfully enabled SSO for all your DinMo account workspaces.
{% endhint %}

### Connecting to a workspace using SSO

#### Method 1: using DinMo sign-in

* Go to <https://app.dinmo.io/sign-in>
* Click on "Continue with SSO"

<figure><img src="/files/dU0WCG1KPcuL4CYXk3Lf" alt="" width="563"><figcaption></figcaption></figure>

* Enter your **SSO Portal Key**
* Validate your connection with Okta

#### Method 2: using your specific URL

* Go to [https://app.dinmo.io/sso?key=your\_key](https://app.dinmo.io/sso?key=dinmo)
* Validate your connection with Okta

