This feature is available only on the Enterprise plan and can be purchased as an add-on on the Pro plan.
In this article you'll learn how to set up single sign-on with Lokalise and Okta.
Part 1: Configuration on Lokalise
To get started, log into Lokalise, click on the avatar in the bottom left corner and choose Team settings:
Then, proceed to the Advanced security tab and tick the Enable SSO field:
Team's domain: Enter your full Okta domain (e.g.,
yourdomain.okta.com
).SAML 2.0 Endpoint (HTTP): Use the Audience URI (SP Entity ID) value from Okta’s SAML settings. Example:
https://yourdomain.okta.com/app/yourdomain_lokalise_1/exk3w3tl0wTE8zQPl5d7/sso/saml
.Identity Provider Issuer: Copy this from the Identity Provider Issuer field on Okta’s Configuration details page. Example:
http://www.okta.com/qer3w3tlOwET8zPQl4d9
.Public Certificate: Paste the X.509 Certificate from Okta’s Configuration details page. It must begin with
-----BEGIN CERTIFICATE-----
and end with-----END CERTIFICATE-----
.Sign AuthnRequest: This is typically not required. If your setup needs it, enable the option, copy the value into a
.crt
file, and import it into the relevant service.
Reconfiguring same SSO domain for another team
If you need to reconfigure the same SSO domain for another Lokalise team, please follow these steps:
Empty all fields within Single sign-on (SSO) section of the Advanced security tab.
Uncheck Enable SSO setting.
Click on Save.
Proceed with configuring SSO for the other Lokalise team.
Configuration on Okta
SAML settings
Single Sign On URL, Recipient URL, and Destination URL: Set all three to the ACS URL Preview value from your Lokalise SSO settings.
Audience Restriction:
https://lokalise.com
Name ID format:
Persistent
Response:
Signed
Assertion Signature:
Signed
Leave all other fields with their default values unless your organization requires otherwise.
Attribute statements
You'll need to provide attribute statements as shown in the screenshot below.
Please note that attribute names and values are case-sensitive.
Logging in with SSO
Once everything is set up, proceed to https://app.lokalise.com/sso
and enter user email associated with the Okta domain. Upon the first log in, you'll be asked to confirm your email: