Skip to main content
Okta SAML

Learn how to set up single sign-on with Okta app.

Ilya Krukowski avatar
Written by Ilya Krukowski
Updated over 2 months ago

This feature is available only on the Enterprise plan and can be purchased as an add-on on the Pro plan.

In this article you'll learn how to set up single sign-on with Lokalise and Okta.

Configuration on Lokalise

To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:

Then, proceed to the Advanced security tab and tick the Enable SSO field:

  • Team's domain — enter your Okta domain.

  • SAML 2.0 Endpoint (HTTP) — enter the Audience URI (SP Entity ID) value from Okta's SAML settings. For example: https://yourdomain.okta.com/app/yourdomain_lokalise_1/exk3w3tl0wTE8zQPl5d7/sso/saml.

  • Identity Provider Issuer — enter Identity Provider Issuer value from Okta Configuration details page. For example: http://www.okta.com/qer3w3tlOwET8zPQl4d9.

  • Public Certificate — enter X.509 Certificate from the Okta Configuration details page. Must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  • Sign AuthnRequest — is not usually required. However, you can still enable this option, copy the value to the .crt file and import this file to the necessary service.

If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:

  1. Empty all fields within Single sign-on (SSO) section of the Advanced security tab.

  2. Uncheck Enable SSO setting.

  3. Click on Save.

  4. Proceed with configuring SSO for the other Lokalise team.

Configuration on Okta

Here's a sample configuration:

SAML settings

  • Single Sign On URL, Recipient URL, Destination URL — enter the ACS URL Preview value from Lokalise settings.

  • Audience Restriction — set to https://lokalise.com.

  • Name ID format — set to Persistent

  • Response — set to Signed

  • Assertion Signature — set to Signed

Leave all other fields to their default values.

Attribute statements

Please note that attribute names and values are case-sensitive.

Logging in with SSO

Once everything is set up, proceed to https://app.lokalise.com/sso and enter user email associated with the Okta domain. Upon the first log in, you'll be asked to confirm your email:

Did this answer your question?