Skip to main content

Okta SAML

Learn how to set up single sign-on with Okta app.

Ilya Krukowski avatar
Written by Ilya Krukowski
Updated over a week ago

This feature is available only on the Enterprise plan and can be purchased as an add-on on the Pro plan.

In this article you'll learn how to set up single sign-on with Lokalise and Okta.

Part 1: Configuration on Lokalise

To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:

Accessing team settings

Then, proceed to the Advanced security tab and tick the Enable SSO field:

Sample SSO configuration

  1. Team's domain: Enter your full Okta domain (e.g., yourdomain.okta.com).

  2. SAML 2.0 Endpoint (HTTP): Use the Audience URI (SP Entity ID) value from Okta’s SAML settings. Example: https://yourdomain.okta.com/app/yourdomain_lokalise_1/exk3w3tl0wTE8zQPl5d7/sso/saml.

  3. Identity Provider Issuer: Copy this from the Identity Provider Issuer field on Okta’s Configuration details page. Example: http://www.okta.com/qer3w3tlOwET8zPQl4d9.

  4. Public Certificate: Paste the X.509 Certificate from Okta’s Configuration details page. It must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

  5. Sign AuthnRequest: This is typically not required. If your setup needs it, enable the option, copy the value into a .crt file, and import it into the relevant service.

Reconfiguring same SSO domain for another team

If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:

  1. Empty all fields within Single sign-on (SSO) section of the Advanced security tab.

  2. Uncheck Enable SSO setting.

  3. Click on Save.

  4. Proceed with configuring SSO for the other Lokalise team.

Configuration on Okta

View required params for Lokalise SSO

SAML settings

View SAML settings

  • Single Sign On URL, Recipient URL, and Destination URL: Set all three to the ACS URL Preview value from your Lokalise SSO settings.

  • Audience Restriction: https://lokalise.com

  • Name ID format: Persistent

  • Response: Signed

  • Assertion Signature: Signed

Leave all other fields with their default values unless your organization requires otherwise.

Attribute statements

You'll need to provide attribute statements as shown in the screenshot below.

View required attribute statements

Please note that attribute names and values are case-sensitive.

Logging in with SSO

Once everything is set up, proceed to https://app.lokalise.com/sso and enter user email associated with the Okta domain. Upon the first log in, you'll be asked to confirm your email:

Confirmation email

Related Articles
PingIdentity SAML
PingFederate SAML
OneLogin SAML
Google SAML
Keycloak SAML
Did this answer your question?