# Using Okta as an IdP (SAML Integration)

You can configure Okta as a SAML-based Identity Provider (IdP) for Tellius by setting up a custom SAML application in your Okta dashboard. This setup enables secure single sign-on (SSO), so users can log in to Tellius using their corporate Okta credentials.

1. Go to <https://admin.okta.com>. Make sure you are in the correct organization/tenant where you want to manage access to Tellius.
2. Navigate to **Applications → Applications** (left sidebar). Click on **Add Application**.

<figure><img src="/files/yhMbD7bLg4RcxMNTEVzY" alt="" width="563"><figcaption><p>Add Application</p></figcaption></figure>

3. In the dialog box, select **Platform** as *Web*. Choose **Sign-on method** as *SAML 2.0* and click on **Create**.

<figure><img src="/files/hZ3gLDB74U9DRIf7v2Lj" alt="" width="563"><figcaption><p>New App Integration</p></figcaption></figure>

4. Provide an **App name**. Optionally, add a logo and description. Click on **Next**.

<figure><img src="/files/4FFlSGjtvoLBM7u6EsuI" alt="" width="563"><figcaption><p>Provide App name</p></figcaption></figure>

5. Fill in the following fields:

* **Single Sign-On URL:** `https://<YOUR_TELLIUS_URL>/sso/sp/consume/idp1`

  Replace `<YOUR_TELLIUS_URL>` with your actual Tellius instance URL.
* **Audience URI (SP Entity ID):** This must be exactly `tellius`.
* **Default RelayState:** `/saml_callback`

<figure><img src="/files/5eBQ8gRkYqlvTxyfmpet" alt=""><figcaption><p>SAML Settings</p></figcaption></figure>

6. Add the following attributes. They map user identity fields from Okta to Tellius so that Tellius can correctly identify users and create their profiles.

* firstName - `user.firstName`
* lastName - `user.lastName`
* email - `user.email`

<figure><img src="/files/zM3tTBQhqKpqQO1OKGvA" alt="" width="563"><figcaption><p>Attribute mapping</p></figcaption></figure>

7. Set the **App type** to `Internal` if this app is for your organization’s internal users and click on **Finish**.

<figure><img src="/files/SOCzBAGouB3pqDXpEEjv" alt="" width="563"><figcaption><p>Internal app</p></figcaption></figure>

8. Once the application is created, you'll be redirected to the application’s **Settings Overview**. Click on **View Setup Instructions** (top-right corner).
9. A new tab will open containing detailed SAML configuration. Scroll to the bottom and locate the **Identity Provider Metadata**.
10. Click to **download the XML file**.
11. Once you have the metadata XML, follow the standard Tellius SAML configuration instructions:

* Go to `Settings` > `Security` > `Authentication`
* Select `SAML` as the authentication method.
* Upload the metadata XML.
* Save and confirm.

From now on, users who try to access Tellius will be redirected to your Okta login screen. After successful login, they’ll be automatically provisioned and signed into Tellius using the mapped attributes.

Users are auto-created in Tellius on their first login if their email matches the SAML mapping.
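To confirm the values from steps 5 and 6 before rolling SSO out, you can inspect a base64-decoded SAML Response captured from your own test login. The following is an added example, not Tellius or Okta code: `check_response`, `sample_response`, the host `tellius.example.com` and both sample responses are constructed for illustration, and the check assumes the Response carries a `Destination` attribute. It checks configuration only and does not verify the XML signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_AUDIENCE = "tellius"                        # step 5: must match exactly
ACS_PATH = "/sso/sp/consume/idp1"                    # step 5: Single Sign-On URL path
REQUIRED_ATTRS = ("firstName", "lastName", "email")  # step 6: attribute names

def check_response(xml_text, tellius_url):
    """Return configuration problems in a decoded SAML Response (no signature check)."""
    root = ET.fromstring(xml_text)
    acs = tellius_url.rstrip("/") + ACS_PATH
    problems = []
    if root.get("Destination") != acs:
        problems.append(f"Destination {root.get('Destination')!r} != {acs!r}")
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if audiences != [EXPECTED_AUDIENCE]:
        problems.append(f"Audience {audiences!r} != [{EXPECTED_AUDIENCE!r}]")
    present = set()  # attributes that carry a non-empty value
    for attr in root.iterfind(".//saml:Attribute", NS):
        value = attr.find("saml:AttributeValue", NS)
        if value is not None and (value.text or "").strip():
            present.add(attr.get("Name"))
    for name in REQUIRED_ATTRS:
        if name not in present:
            problems.append(f"attribute {name!r} missing or empty")
    return problems

def sample_response(audience, attrs, acs="https://tellius.example.com" + ACS_PATH):
    """Build a constructed, unsigned Response for demonstration only."""
    attr_xml = "".join(
        f'<saml:Attribute Name="{k}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for k, v in attrs.items())
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">'
        '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
        f'<saml:Audience>{audience}</saml:Audience>'
        '</saml:AudienceRestriction></saml:Conditions>'
        f'<saml:AttributeStatement>{attr_xml}</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>')

# Constructed samples: GOOD follows steps 5-6; BAD has a mis-cased audience and an empty lastName.
GOOD = sample_response("tellius", {"firstName": "Ada", "lastName": "Lovelace", "email": "ada@example.com"})
BAD = sample_response("Tellius", {"firstName": "Ada", "lastName": "", "email": "ada@example.com"})

if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("bad", BAD)):
        print(label, check_response(doc, "https://tellius.example.com"))
```

An empty list means the Response matches the Okta settings on this page; each string in a non-empty list names one setting to revisit in the Okta app.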

