Okta

Configure Okta for enterprise SSO using SAML 2.0 or OpenID Connect, with optional SCIM provisioning.

Prerequisites
You need admin access to your Okta organization and an AccessIQ Professional or Enterprise plan.

Option 1: OpenID Connect (Recommended)

Step 1: Create Application in Okta

  1. Go to Okta Admin Console → Applications → Applications
  2. Click "Create App Integration"
  3. Select "OIDC - OpenID Connect" and "Web Application"
  4. Enter app name: "AccessIQ SSO"
  5. Sign-in redirect URI: https://auth.accessiq.io/callback/oidc
  6. Sign-out redirect URI: https://auth.accessiq.io/logout
  7. Save and note the Client ID and Client Secret

Step 2: Configure in AccessIQ

Configure Okta OIDC (bash)
curl -X POST https://api.accessiq.io/v1/organizations/YOUR_ORG/identity-providers \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "type": "oidc",
    "name": "Okta",
    "enabled": true,
    "config": {
      "clientId": "YOUR_OKTA_CLIENT_ID",
      "clientSecret": "YOUR_OKTA_CLIENT_SECRET",
      "issuer": "https://YOUR_OKTA_DOMAIN.okta.com",
      "scopes": ["openid", "profile", "email", "groups"]
    },
    "domains": ["yourcompany.com"]
  }'
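
The request above carries the API key and client secret as curl arguments, where shell history and process listings can expose them. The following added example (not AccessIQ's own tooling) builds the same body from environment variables and refuses a non-https issuer or values that would need escaping; the variable names are assumptions.

```shell
#!/bin/sh
# Added example. Assumed variable names: ACCESSIQ_ORG, ACCESSIQ_API_KEY,
# OKTA_CLIENT_ID, OKTA_CLIENT_SECRET, OKTA_ISSUER, SSO_DOMAIN.

# True only for non-empty values built from characters that need no JSON or
# header escaping (a deliberately conservative allow-list).
json_safe() {
  case "$1" in ''|*[!A-Za-z0-9._~-]*) return 1 ;; esac
  return 0
}

# ID tokens are validated against the issuer, so require an https URL.
valid_issuer() {
  case "$1" in
    https://?*) ;;
    *) return 1 ;;
  esac
  case "${1#https://}" in *[!A-Za-z0-9._~/-]*) return 1 ;; esac
  return 0
}

# Print the Step 2 request body, filled in from the environment.
build_oidc_payload() {
  valid_issuer "${OKTA_ISSUER:-}" || { echo "OKTA_ISSUER must be an https URL" >&2; return 1; }
  for v in "${OKTA_CLIENT_ID:-}" "${OKTA_CLIENT_SECRET:-}" "${SSO_DOMAIN:-}"; do
    json_safe "$v" || { echo "missing or unsafe value" >&2; return 1; }
  done
  printf '{"type":"oidc","name":"Okta","enabled":true,"config":{"clientId":"%s","clientSecret":"%s","issuer":"%s","scopes":["openid","profile","email","groups"]},"domains":["%s"]}\n' \
    "$OKTA_CLIENT_ID" "$OKTA_CLIENT_SECRET" "$OKTA_ISSUER" "$SSO_DOMAIN"
}

# Body goes to curl on stdin and the bearer token through a 0600 temp file,
# so neither secret is passed as a command-line argument.
send_oidc_config() {
  json_safe "${ACCESSIQ_ORG:-}" && json_safe "${ACCESSIQ_API_KEY:-}" || return 1
  body=$(build_oidc_payload) || return 1
  hdr=$(mktemp) || return 1
  printf 'Authorization: Bearer %s\n' "$ACCESSIQ_API_KEY" > "$hdr"
  rc=0
  printf '%s' "$body" | curl --fail --silent --show-error -X POST \
    "https://api.accessiq.io/v1/organizations/${ACCESSIQ_ORG}/identity-providers" \
    -H @"$hdr" -H "Content-Type: application/json" --data @- || rc=$?
  rm -f "$hdr"; return "$rc"
}

# Contact the API only when run with --send.
if [ "${1:-}" = "--send" ]; then send_oidc_config; fi
```

Reading headers from a file with `-H @file` requires curl 7.55.0 or later.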

Option 2: SAML 2.0

Step 1: Create SAML Application

  1. Go to Applications → Create App Integration
  2. Select "SAML 2.0"
  3. Enter app name and optional logo
  4. Configure SAML settings with AccessIQ values

AccessIQ SAML Configuration

Single Sign On URL: https://auth.accessiq.io/callback/saml
Audience URI (SP Entity ID): https://auth.accessiq.io/sp
Name ID Format: EmailAddress

Configure SCIM Provisioning

  1. In your Okta app, go to "Provisioning" tab
  2. Click "Configure API Integration"
  3. Check "Enable API integration"
  4. SCIM connector base URL: https://api.accessiq.io/scim/v2/organizations/YOUR_ORG
  5. Enter your AccessIQ SCIM API token
  6. Test API Credentials and save
  7. Configure "To App" settings for provisioning actions

Provisioning Features
Enable "Create Users", "Update User Attributes", and "Deactivate Users" for full lifecycle management.

Attribute Mapping

Default Attribute Mapping (json)
{
  "attributeMapping": {
    "email": "user.email",
    "firstName": "user.firstName",
    "lastName": "user.lastName",
    "displayName": "user.displayName",
    "department": "user.department",
    "title": "user.title",
    "groups": "user.groups"
  }
}