> For the complete documentation index, see [llms.txt](https://help.tellius.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://help.tellius.com/6.0/settings/security/authentication/saml/using-okta-as-an-idp-saml-integration.md). # Using Okta as an IdP (SAML Integration) You can configure Okta as a SAML-based Identity Provider (IdP) for Tellius by setting up a custom SAML application in your Okta dashboard. This setup enables secure single sign-on (SSO), so users can log in to Tellius using their corporate Okta credentials. 1. Go to . Make sure you are in the correct organization/tenant where you want to manage access to Tellius. 2. Navigate to **Applications** **→** **Applications** (left sidebar). Click on **Add Application**.

3. In the dialog box, select **Platform** as *Web*. Choose **Sign-on method** as *SAML 2.0* and click on **Create**.

4. Provide an **App name**. Optionally, add a logo and description. Click on **Next**.

5. Fill in the following fields: * **Single Sign-On URL:** `https:///sso/sp/consume/idp1` Replace `` with your actual Tellius instance URL. * **Audience URI (SP Entity ID):** This must be exactly `tellius`. * **Default RelayState:** `/saml_callback`

6. These are used to map user identity fields from Okta to Tellius. Add the following attributes. These ensure that Tellius can correctly identify and create user profiles. * firstName - `user.firstName` * lastName - `user.lastName` * email - `user.email`

7. Set the **App type** to `Internal` if this app is for your organization’s internal users and click on **Finish**.

8. Once the application is created, you'll be redirected to the application’s **Settings Overview**. Click on **View Setup Instructions** (top-right corner). 9. A new tab will open containing detailed SAML configuration. Scroll to the bottom and locate the **Identity Provider Metadata**. 10. Click to **download the XML file**. 11. Once you have the metadata XML, follow the standard Tellius SAML configuration instructions: * Go to `Settings` > `Security` > `Authentication` * Select `SAML` as the authentication method. * Upload the metadata XML. * Save and confirm. From now on, users who try to access Tellius will be redirected to your Okta login screen. After successful login, they’ll be automatically provisioned and signed into Tellius using the mapped attributes. Users are auto-created in Tellius on their first login if their email matches the SAML mapping. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://help.tellius.com/6.0/settings/security/authentication/saml/using-okta-as-an-idp-saml-integration.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.