Okta SSO Setup

Step 1

Access Okta Admin Dashboard

Log in to your Okta Admin Console
Your URL will look like: https://your-domain.okta.com/admin or https://your-domain.oktapreview.com/admin
Ensure you have Super Admin or Application Admin privileges

💡 Tip: If you don't have admin access, contact your Okta administrator to set up this integration.

Step 2

Create SAML 2.0 Application

In the Okta Admin Console, navigate to Applications → Applications
Click Create App Integration
Select SAML 2.0 as the sign-in method
Click Next
Enter the following information:

App name

EQS Platform

App logo (optional)

You can upload your company logo or skip this step

Check the box "Do not display application icon to users" if you want to hide it from the Okta dashboard
Click Next to proceed to SAML configuration

💡 Note: Don't worry about configuring SAML settings yet - we'll do that in the next step.

Step 3

Configure SAML Settings

On the SAML Settings page, enter the following values:

General Settings

Single sign-on URL

https://your-company.eqs.com/saml/acs

✓ Check "Use this for Recipient URL and Destination URL"

Audience URI (SP Entity ID)

https://your-company.eqs.com/saml/metadata

Default RelayState

Leave empty

Name ID format

EmailAddress

Application username

Email

⚠️ Important: Replace "your-company" with your actual EQS subdomain. For example, if you log in at acme.eqs.com, use acme as your company identifier.

Advanced Settings (Optional)

Response

Select: Signed

Assertion Signature

Select: Signed

Signature Algorithm

Select: RSA-SHA256

Step 4

Configure Attribute Statements

Scroll down to the Attribute Statements section and add the following attributes:

Name	Name format	Value
`email`	Basic	user.email
`firstname`	Basic	user.firstName
`lastname`	Basic	user.lastName
`username`	Basic	user.login

💡 How to add attributes:

Click "Add Another" for each attribute
Enter the Name exactly as shown (case-sensitive)
Select "Basic" as the Name format
Enter the corresponding Value from the table

Group Attribute Statements (Optional)

If you want to pass user groups to EQS for role-based access control:

Name

groups

Name format

Select: Basic

Filter

Select: Matches regex and enter .* to include all groups

After adding all attributes, scroll to the bottom
Click Next to proceed to feedback
Select "I'm an Okta customer adding an internal app"
Click Finish

Step 5

Download Metadata & Assign Users

Download SAML Metadata

You should now be on the Sign On tab of your EQS application
Scroll down to the SAML 2.0 section
Right-click on "Identity Provider metadata" link
Select "Save link as..." and save the XML file
Alternatively, click "View SAML setup instructions" and download from there

💡 Alternative method: You can also copy the metadata URL and send it directly to EQS Support.

Send Metadata to EQS

Email the downloaded XML file to:

Support Email

support@eqs.com

Include your company name and EQS subdomain in the email for faster processing.

Assign Users to the Application

In your EQS application in Okta, go to the Assignments tab
Click Assign and choose:
- Assign to People - for individual users
- Assign to Groups - for entire groups (recommended)
Select the users or groups that should have access to EQS
Click Assign for each selection
Click Done when finished

⚠️ Important: Users must be assigned to the application in Okta to access EQS via SSO. Unassigned users will not be able to log in.

Testing the Integration

Wait for EQS Support to confirm they've configured your SSO settings (usually within 24 hours)
Once confirmed, have a test user navigate to your EQS URL: https://your-company.eqs.com
They should see an "SSO Login" or "Sign in with Okta" option
Click that option to be redirected to Okta for authentication
After successful login in Okta, the user should be redirected back to EQS and logged in

✅ Congratulations! Your Okta SSO integration is complete! Your users can now access EQS using their Okta credentials.

Common Issues:

Can't download metadata? Ensure you clicked "Finish" on the SAML setup. Go back to the Sign On tab to find the metadata link.
"Identity Provider metadata" link missing? Click on "View SAML setup instructions" - the metadata should be available there.
Users can't see EQS in their Okta dashboard? Check if they're assigned to the application in the Assignments tab.
SSO login fails after setup? Common causes:
- EQS Support hasn't completed configuration yet - check with them
- Metadata file is incorrect - re-download and resend
- User isn't assigned to the application - check Assignments tab
- SAML URLs have wrong subdomain - verify in Step 3
Getting "Invalid SAML Response" error?
- Verify attribute names are exactly as specified (case-sensitive)
- Check that Name ID format is set to "EmailAddress"
- Confirm Signature Algorithm is RSA-SHA256
User logs in but has no permissions in EQS? Contact EQS Support to configure user roles and permissions.

Still having issues?

Contact EQS Support with:

Your company name and EQS subdomain
Screenshots of any error messages
The email address of a test user experiencing issues
Timestamp when the issue occurred

Complete Setup ✓

📚 Additional Resources

Okta Documentation

Official Okta guide for SAML app integration

View Documentation →

EQS Support Center

Get help with your EQS platform

Contact Support →

Video Tutorial

Watch step-by-step Okta SSO setup

Coming Soon →

Need to set up a different provider?

← Back to Provider Selection