Okta SSO Setup

This article outlines how to setup SSO with Okta

Rachel Yonan avatar
Written by Rachel Yonan
Updated over a week ago

Okta Overview

Okta is an enterprise identity management and single sign-on service that integrates with applications in the cloud, on-premises, or on a mobile device. This documentation describes how to configure a single sign-on partnership between Okta as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Security Journey as the Service Provider (SP). All SSO communication takes place over TLS/SSL.


In order to set up SSO on Security Journey with Okta, you will need:

Security Journey

  • An account with Admin privileges


  • Okta, version 2016.07 or later

  • A user with Application Admin privileges

Supported Features

The Okta + Security Journey (formerly HackEDU) SAML integration currently supports the following features:

For more information on the listed features, visit the Okta Glossary.

Configuration Steps

1. Login to Okta with your Admin account, navigate to Applications

2. Click "Browse App Catalog"

3. Search for "Security Journey" and click "Add Integration"

4. After adding the application, you can update the application label (if desired). You will also want to check the box under Application Visibility > Do not display application icon to users. Then click Next.

Our site doesn't support IdP-initiated login flow but you can simulate this by following the instructions below.

5. If you would like to see learners' first & last name, department or other valuable property data, we recommend adding learner attributes at this time. For more information check out: Adding learner attributes - Okta

6. Finally, you will see your Sign-On Options. The default will be SAML 2.0. You will need to locate your Okta Metadata URL to copy and upload to Security Journey.

SP-initiated SSO

Once configured, your learners can login here: https://my.securityjourney.com/

Simulating an IdP-initiated sign-in flow

Security Journey only supports SP-initiated sign-in. However, you can simulate IdP-initiated login by using Okta's Bookmark catalog app.

To set up, please follow the steps below:

  1. Navigate back to "Applications," search for "Bookmark App" and click "Add Integration"

  2. Update Application Label

  3. Update the URL to my.securityjourney.com/?domain=xxxxxxx (replace x with your company domain)

  4. Click Save


If you are seeing the following error, you are probably trying to login from the Okta Dashboard (IdP-initiated sign-on flow) without setting up an Okta Bookmark App:

Invalid samlResponse or relayState from identity provider

Did this answer your question?