# Okta SAML Setup

> Enable your users to sign in to Langdock using their Okta accounts via SAML 2.0.

## Overview

This guide walks you through configuring SAML single sign-on with Okta. You'll create a new SAML application in Okta, configure the authentication settings, and establish a secure connection between your identity provider and Langdock.

Once complete, your users will be able to sign in to Langdock using their Okta credentials.

## Setup Checklist

Verify that you have completed these steps from the [setup checklist](/en/admin/security/saml/saml#setup-checklist):

<Warning>
  * You have access to an admin account in your Langdock workspace
  * "Join by domain" is enabled in your Langdock security settings
  * Your domain is added and verified in your Langdock security settings
  * You have an Okta account with the ability to create and manage Applications
</Warning>

## Create a new SAML application in Okta

First, you need to create a new SAML application in your Okta Admin console.

To do this, follow these steps:

1. In your Okta Admin console, navigate to **"Applications"** → **"Applications"**
2. Click **"Create App Integration"**
3. Select **"SAML 2.0"** as the sign-in method and click **"Next"**
4. Name your application (e.g., "Langdock") and, optionally, upload an app logo
5. Click **"Next"**

## SAML Configuration

Langdock uses SAML 2.0 as the standard for SSO authentication. After creating the application, you need to configure the SAML settings.

In Langdock, navigate to your [Security settings](https://app.langdock.com/settings/workspace/security) and copy the following values:

1. The **"Assertion Consumer Service (ACS) URL"**
2. The **"Audience URI (SP Entity ID)"** value (`langdock.com`)

In the **"Configure SAML"** step in Okta, fill in the following fields:

1. **"Single sign-on URL"**: Paste the **"Assertion Consumer Service (ACS) URL"** from Langdock
2. **"Audience URI (SP Entity ID)"**: Paste the **"Audience URI (SP Entity ID)"** value from Langdock (e.g., `langdock.com`)
3. **"Name ID format"**: Select **"EmailAddress"**
4. **"Application username"**: Select **"Email"**

You can leave the other fields with their default values. Click **"Next"** to proceed.

On the feedback page, select **"This is an internal app that we have created"** and click **"Finish"**.

## Connect Okta to Langdock

After finishing the application setup, you need to copy the Okta SAML metadata to Langdock.

In the **"Sign On"** tab of your newly created Okta application:

1. Click **"View SAML setup instructions"**
2. Copy the **"Identity Provider Single Sign-On URL"** — this is your **Sign on URL** in Langdock
3. Copy the **"Identity Provider Issuer"**: this is your **Issuer** in Langdock
4. Copy the **"X.509 Certificate"** and paste it into the **"Certificate"** field in Langdock. Copy the entire certificate so that the beginning and end match the example below:

```
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```
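
A truncated paste can keep both marker lines and still be incomplete. The following Python check is an added example, not part of Langdock's or Okta's documentation: it verifies the markers, the base64 body and the DER length field, then returns a SHA-256 fingerprint you can compare with one computed from the certificate file downloaded from Okta. The names `check_pasted_certificate` and `sample_pem` are hypothetical, and the sample input is constructed DER-shaped filler, not a real certificate.

```python
import base64
import binascii
import hashlib

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"

def check_pasted_certificate(text):
    """Return (True, sha256_fingerprint) or (False, reason) for a pasted PEM block."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0] != HEADER:
        return False, "missing BEGIN CERTIFICATE line"
    if lines[-1] != FOOTER:
        return False, "missing END CERTIFICATE line"
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except binascii.Error:
        return False, "body is not valid base64"
    # A certificate is one DER SEQUENCE (tag 0x30) whose length field must
    # account for every remaining byte; a paste cut in the middle fails here.
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        return False, "body is not a DER SEQUENCE"
    if der[1] < 0x80:                      # short form: length in one byte
        header_len, body_len = 2, der[1]
    else:                                  # long form: next n bytes hold the length
        n = der[1] & 0x7F
        header_len, body_len = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header_len + body_len != len(der):
        return False, "DER length mismatch: %d bytes declared, %d present" % (
            header_len + body_len, len(der))
    digest = hashlib.sha256(der).hexdigest().upper()
    return True, ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def sample_pem():
    """Constructed input: DER-shaped filler, not a real certificate."""
    payload = bytes(range(256)) * 3
    der = b"\x30\x82" + len(payload).to_bytes(2, "big") + payload
    b64 = base64.b64encode(der).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([HEADER] + body + [FOOTER])

if __name__ == "__main__":
    good = sample_pem()
    print(check_pasted_certificate(good))
    cut = good.splitlines()
    del cut[5]                             # simulate a line lost while copying
    print(check_pasted_certificate("\n".join(cut)))
```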

Finally, activate the **"SAML Active"** toggle to enable SSO.

To let people outside verified domains sign in without Okta, configure **Allow External Authentication** in [SAML settings](/en/admin/security/saml/saml#password-login-and-saml).

## Assign Users

To allow your users to sign in to Langdock via Okta, you need to assign them to the application.

In the **"Assignments"** tab of your Okta application, click **"Assign"** and either:

* Select **"Assign to People"** to assign individual users
* Select **"Assign to Groups"** to assign entire groups

## Test the SAML setup

<Info>
  To test the setup, stay logged in to Langdock in your current browser session so that you can still change the SAML settings if the test fails. Then open a separate browser or an incognito window and navigate to [https://app.langdock.com](https://app.langdock.com).
</Info>

Enter an email address of a user assigned to the Okta application and click **"Continue"**.

You will be redirected to the Okta login page, where you can enter your credentials.

After successful authentication, you will be redirected back to Langdock and logged in.

## Troubleshooting

If you encounter any issues during the setup, reach out to [support@langdock.com](mailto:support@langdock.com) for assistance.
