# SSO using Okta
{% hint style="success" %}
You need Admin access to your Okta Organisation and DinMo Organisation to be able to use the Okta SSO.
{% endhint %}
### In the Okta Dashboard
#### Step 1: Create a custom SAML application for DinMo
1. Sign in your Okta account as an admin
2. Go to the **applications dashboard**
3. Click "**Create app integration**"
4. Choose **SAML 2.0** app from the suggested options
5. Enter your **general settings**: name, logo, visibility
6. Click Next, and enter your **SAML settings**: single-sign-on URL, Audience URI, Name ID format, "Application username" and "Update application username on".\
\
Make sure to enter these parameters:
| **Name ID format** | EmailAddress |
| ---------------------------------- | ----------------- |
| **Application username** | Email |
| **Update application username on** | Create and update |
7. Enter your **attribute statements**\
\
At this step, an `email-to-user.email` statement is required\
#### Step 2: Assign people to your SAML app
To enable a user to use the newly created application, you must add it in the **Assignments** tab under the Applications / Your application menu.
{% hint style="warning" %}
The key point here is that you must specify the **user's email address** as suggested by Okta as the username.
{% endhint %}
### In the DinMo Application
#### Step 3: Configure Okta SSO in DinMo
1. Sign in to your [DinMo workspace](https://app.dinmo.io) as an organization admin
2. Go to your organization management space
* Click on your workspace name in the top left navigation menu.
* Select **Manage Workspaces**.
* Go to the **Organization Settings** tab.
3. Click on **Okta SSO** button
4. Fill in the Authentification Settings:
* **SSO Portal Key**: Choose a unique key to identify your SSO organization (e.g., `_SSO`).
{% hint style="danger" %}
**The key must be kept safe and shared with your teams**. It allows you to log in to your DinMo account, either by using a URL such as or by entering it in the field provided when logging in via SSO.
{% endhint %}
* **Sign on URL**: Enter the SSO URL collected in Okta
* **Issuer**: Enter the Issuer collected in Okta
* **Certificate**, directly copied from the dashboard\
5. Click **Save**
6. Collect the generated values:
* **DinMo’s Entity ID**
* **DinMo’s Callback URL**
* **Your Portal URL**: The URL used to connect to your DinMo workspace through SSO.
#### **Step 4: Limit Access to Authorized Users (Optional)**
For additional security, you can restrict access to your DinMo workspace to authorized users only in your IdP. To enable this, toggle the **Enable SAML-only authentication** option.
***
{% hint style="success" %}
:tada: Congratulations! You have successfully enabled SSO for all your DinMo account workspaces.
{% endhint %}
### Connecting to a workspace using SSO
#### Method 1: using DinMo sign-in
* Go to
* Click on "Continue with SSO"
* Enter your **SSO Portal Key**
* Validate your connection with Okta
#### Method 2: using your specific URL
* Go to [https://app.dinmo.io/sso?key=your\_key](https://app.dinmo.io/sso?key=dinmo)
* Validate your connection with Okta
.png?alt=media&token=57d3aea5-3440-433c-b4c8-cfa2aad4004a)
.png?alt=media&token=3ec40957-808b-485c-9681-2c4f0472866f)
