This feature is available only on the Enterprise plan.
In this article you'll learn how to set up single sign-on with Lokalise and Okta.
Configuration on Lokalise
To get started, log in to Lokalise, click on the avatar in the bottom-left corner and choose Team settings:
Then, proceed to the Advanced security tab and tick the Enable SSO field:
Team's domain — enter your Okta domain.
SAML 2.0 Endpoint (HTTP) — enter the Audience URI (SP Entity ID) value from Okta's SAML settings. For example: https://yourdomain.okta.com/app/yourdomain_lokalise_1/exk3w3tl0wTE8zQPl5d7/sso/saml
Identity Provider Issuer — enter the Identity Provider Issuer value from the Okta Configuration details page. For example: http://www.okta.com/qer3w3tlOwET8zPQl4d9
Public Certificate — enter the X.509 Certificate from the Okta Configuration details page. Must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----
Sign AuthnRequest — is not usually required. However, you can still enable this option, copy the value to the .crt file and import this file to the necessary service.
If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:
Empty all fields within the Single sign-on (SSO) section of the Advanced security tab.
Uncheck the Enable SSO setting.
Click on Save.
Proceed with configuring SSO for the other Lokalise team.
Configuration on Okta
Here's a sample configuration:
SAML settings
Single Sign On URL, Recipient URL, Destination URL — enter the ACS URL Preview value from Lokalise settings.
Audience Restriction — set to https://lokalise.com
Name ID format — set to Persistent
Response — set to Signed
Assertion Signature — set to Signed
Leave all other fields at their default values.
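To confirm that these settings took effect, you can decode the SAML response from a test login and compare it against the values above. The Python script below is an added example, not Lokalise or Okta code: the function names and the sample response are constructed, the issuer is the example value from this article, and the check is structural only (it confirms that signatures are present, not that they are cryptographically valid).

```python
import xml.etree.ElementTree as ET  # use defusedxml for untrusted input

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
AUDIENCE = "https://lokalise.com"  # Audience Restriction value from this page
ISSUER = "http://www.okta.com/qer3w3tlOwET8zPQl4d9"  # the page's example issuer


def check_response(xml_text, expected_issuer=ISSUER):
    """Return the list of mismatches between a decoded SAML response and the
    settings on this page. Structural only: signatures are not verified."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.find("ds:Signature", NS) is None:  # "Response: Signed"
        problems.append("Response is not signed")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:  # missing, or sent as EncryptedAssertion
        return problems + ["no plaintext Assertion found"]
    if assertion.find("ds:Signature", NS) is None:  # "Assertion Signature: Signed"
        problems.append("Assertion is not signed")
    issuer = assertion.findtext("saml:Issuer", default="", namespaces=NS).strip()
    if issuer != expected_issuer:
        problems.append(f"Issuer mismatch: {issuer!r}")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    if name_id is None or name_id.get("Format") != PERSISTENT:
        problems.append("NameID format is not persistent")
    path = "saml:Conditions/saml:AudienceRestriction/saml:Audience"
    audiences = [(a.text or "").strip() for a in assertion.iterfind(path, NS)]
    if AUDIENCE not in audiences:
        problems.append(f"Audience restriction lacks {AUDIENCE}: {audiences}")
    return problems


def sample(response_signed=True, fmt=PERSISTENT, audience=AUDIENCE):
    """Constructed, minimal response for demonstration (empty signatures)."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>'
    outer = sig if response_signed else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}">'
            f"{outer}<saml:Assertion><saml:Issuer>{ISSUER}</saml:Issuer>{sig}"
            f'<saml:Subject><saml:NameID Format="{fmt}">constructed-id</saml:NameID>'
            f"</saml:Subject><saml:Conditions><saml:AudienceRestriction>"
            f"<saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>"
            f"</saml:Conditions></saml:Assertion></samlp:Response>")


if __name__ == "__main__":
    print(check_response(sample()) or "matches the documented settings")
```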
Attribute statements
Please note that attribute names and values are case-sensitive.
Logging in with SSO
Once everything is set up, proceed to https://app.lokalise.com/sso and enter the user email associated with the Okta domain. Upon the first login, you'll be asked to confirm your email: