Koala organizations on every plan can use Sign in with Google. Organizations on the Business plan can configure additional SAML providers. This guide will walk you through how to configure SAML SSO for Okta as an example, but the steps are similar for other SAML providers.

Okta SAML SSO

To configure Okta SAML SSO, you must:
  • Be in Admin mode in Okta.
  • Have admin permissions in Koala and be on the Business plan.
Now to the steps:
  1. Visit the Security settings of your Koala workspace, and switch on the SAML SSO toggle.
  2. Go back to Okta and create a custom SAML application in Okta.
  3. In the SAML Settings form copy the Single-sign on URL and Audience URI (SP Entity ID) from Koala to the Okta form.
  1. For the attribute mappings we don’t require any specific attributes, but the Application Username should be set to Email.
  2. Click continue until the App in Okta is created.
  3. Assign the app to the users or groups that should have access to Koala.
  4. Now with the app in Okta created, go to the “Sign On” tab and click on “More Details” link to get the Single Sign-On URL and Certificate.
  1. Go back to Koala and paste the Identity Provider Single Sign-On URL and the X.509 Certificate in the SAML SSO settings.
  2. Click on Save and you are done.
After saving the SAML SSO settings, you will be logged out and will need to log back in. You have to type in your email address to initiate the SAML SSO flow.

Notes

Okta Group Assignments

When assigning Groups to the Okta App used on Koala’s integration, make sure that the users assigned from that group are shown as “Group” type instead of “Individual”. This inconsistent scenario could happen if a user that belongs to the group was previously assigned as an “individual”, making the login process fail. To fix this, remove all previously individually assigned users and then assign the Group you want to give access to. After that, all users in that group will be assigned to App and the type should be shown as “Group”.

Okta Attribute Statements

To correctly create and activate new users on Koala using Okta’s info, you should configure the Attribute Statements on the Okta App used on integration following these steps:
  1. Click on the App settings and go to the “General” tab;
  2. Click on the Edit button on the SAML Settings section;
  3. Click on Next button to go to 2. Configure SAML step;
  4. Locate the Attribute Statement section and add the following fields:
  • first_name mapped to user.firstName
  • last_name mapped to user.lastName
  • email mapped to user.email
  1. Click on the Next button and then on Finish to confirm the changes.
This way, when a newly invited user logs into Koala using Okta, their profile information will be correctly read from Okta.